Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the …war filename.
Referen…
[org.apache.tomcat:tomcat] Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tl…
[org.apache.tomcat:tomcat] Cross-site scripting in Apache Tomcat
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary w…
[org.apache.geronimo.plugins:console] Apache Geronimo Application Server CSRF vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the …
[com.sun.faces:jsf-api] Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
https://nvd.nist.gov/vuln/detail/CVE-2008-1285
https://bugzilla.re…
[pyftpdlib] pyftpdlib vulnerable to allocation of resources without limits
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.
References
https://nvd.n…
[pyftpdlib] Improper privilege management in pyftpdlib
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticat…
[pyftpdlib] Improper Input Validation in pyftpdlib
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.
References
https://nvd.nist.gov/vuln/detail/CVE-2007-6739
https://github.com/giampaolo/pyftpdlib/issues/3
https://github.com/advisories/GHS…
[pyftpdlib] Improper Authentication in pyftpdlib
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
https://nvd.ni…
[pyftpdlib] Directory Traversal in pyftpdlib
Python FTP server library provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote au…