exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Rajat Swarup

Apache ActiveMQ Persistent Cross-Site Scripting

Posted Apr 1, 2010

Authored by Rajat Swarup | Site activemq.apache.org

Remote unauthenticated exploitation of an input validation vulnerability in Apache Software Foundation's ActiveMQ server could allow an attacker to perform a stored or persistent cross-site scripting (XSS) attack.

tags | advisory, remote, xss

advisories | CVE-2010-0684

SHA-256 | a93c7b1bf48d73b062e00b4bcc020d13797e54a1c0439e6efadd535c2fdb2b1b

Download | Favorite | View

iDEFENSE Security Advisory 2007-06-14.1

Posted Jun 15, 2007

Authored by iDefense Labs, Rajat Swarup | Site idefense.com

iDefense Security Advisory 06.14.07 - Remote exploitation of an input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF framework could allow an attacker to perform a cross-site scripting (XSS) attack. The code responsible for parsing HTTP requests is vulnerable to an XSS vulnerability. When parsing the 'autoscroll' parameter from a POST or GET request, the value of this variable is directly inserted into JavaScript that is sent back to the client. This allows an attacker to run arbitrary JavaScript in the context of the affected domain of the MyFaces application being targeted. iDefense has confirmed the existence of this vulnerability in MyFaces Tomahawk version 1.1.5. Previous versions may also be affected.

tags | advisory, remote, web, arbitrary, javascript, xss

advisories | CVE-2007-3101

SHA-256 | 244283775e3ba1442966782ad515ee3b4e94173b27931fb11f8a1cb4f498d173

Download | Favorite | View