WebSVN version 2.3.3 suffers from a cross site scripting vulnerability.
a7ba5892e78ad95ffdce00b9ef1323a029dbfc66b48c4f38700561660a102d77Oxwall Forum version 1.8.1 suffers from a persistent cross site scripting vulnerability.
b6aa613c8ccb42f23d6b700696f06569ae0df89c8101c407d293670c9bf3d89dFiyo CMS version 2.0.2.1 suffers from multiple persistent cross site scripting vulnerabilities.
5732fdfc5011b9dc19c8c8eaf3c4b3828bf0fc3780fe9b88c196adbe676b6107When accessing resources via the ServletContext methods getResource() getResourceAsStream() and getResourcePaths() the paths should be limited to the current web application. The validation was not correct and paths of the form "/.." were not rejected. Note that paths starting with "/../" were correctly rejected. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.64, and 8.0.0.RC1 through 8.0.26.
b1f753e54e5215e5b5e3807834777c09565ba6a20e0a2b3c9fb5433a181e671aThe index page of the Manager and Host Manager applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to construct a CSRF attack. Apache Tomcat versions 7.0.1 through 7.0.67, 8.0.0.RC1 through 8.0.31, and 9.0.0.M1 are affected.
cac499db9a90243eb7e3a3ae64996e75bfc026156676e4f5e2b513a78ec60214The StatusManagerServlet could be loaded by a web application when a security manager was configured. This servlet would then provide the web application with a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. This could have exposed sensitive information from other web applications such as session IDs to the web application. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.
881ae95f3222d34f23b6f66acf5f6fe6bc505df9c7afff2901307b8b3b3a741fDell OpenManage Server Administrator version 8.2 suffers from an authenticated directory traversal vulnerability.
f79a0b4fd92e8976403bd4b3878b355070b977051c0ec9f4ffe8fe936a2be51dWhen recycling the Request object to use for a new request, the requestedSessionSSL field was not recycled. This meant that a session ID provided in the next request to be processed using the recycled Request object could be used when it should not have been. This gave the client the ability to control the session ID. In theory, this could have been used as part of a session fixation attack but it would have been hard to achieve as the attacker would not have been able to force the victim to use the 'correct' Request object. It was also necessary for at least one web application to be configured to use the SSL session ID as the HTTP session ID. This is not a common configuration. Apache Tomcat versions 7.0.5 through 7.0.65, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.
f04a5470641204db89ec17e9b80c496ffce8bd8aae7f2efd4bc0229158a89b21Apache Tomcat provides several session persistence mechanisms. The StandardManager persists session over a restart. The PersistentManager is able to persist sessions to files, a database or a custom Store. The Cluster implementation persists sessions to one or more additional nodes in the cluster. All of these mechanisms could be exploited to bypass a security manager. Session persistence is performed by Tomcat code with the permissions assigned to Tomcat internal code. By placing a carefully crafted object into a session, a malicious web application could trigger the execution of arbitrary code. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.
d8b973e72649ee49a60e92929010021e4dfc8736401a1288bdb928d8309d8597ManageEngine Firewall Analyzer version 8.5 suffers from a remote SQL injection vulnerability.
203b6cdf8a8826ec7dc6dc08b58ffe98cd59dcd74b8ded9ec3ce4969545c2a02PLANET IP surveillance camera model ICA-5350V suffers from authentication bypass, cross site request forgery, cross site scripting, arbitrary file read, hardcoded credential, and local file inclusion vulnerabilities.
9760b0ddcfb05af2b4f17976ad5b7b98e7d7ce2e5fee368b40236d57d5e5a7b7SOLIDserver versions 5.0.4 and below suffer from a local file inclusion vulnerability.
01fe2fec29a6447d363278aed3981ba0efe470dabc0e35b81ca17d0daae55ab6SamenBlog Weblog Service suffers from cross site request forgery and cross site scripting vulnerabilities.
68b5084457f76fb3532f45c3afce9726fa50bde054a8ae2bf5a8047cfa6d3a81E-Cidade suffers from a path traversal vulnerability.
627a5e737562ff52b9fcd20e8d27159fb5a876854f062d1aa3897b98a610fd5aThru Managed File Transfer Portal version 9.0.2 suffers from an insecure direct object reference vulnerability in the contacts list functionality.
04bf2eec97770c7bbdcc28f9522714c4b0542d404957116ca9741cfcd118f04aThru Managed File Transfer Portal version 9.0.2 suffers from an insecure direct object reference vulnerability in the upload functionality.
f0fc879814ce1f79dd42f81a3bfde9648a14d4d21f9c544a934eff7660ae4c39The Thru Managed File Transfer application version 9.0.2 allows both unauthenticated and authenticated users to upload files, including viruses.
178fc60f24aa280af3d976a9ac3ef913d89f1c7872bc906e522d80c60a97306b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed