Underground News – Page 81150

[com.sun.faces:jsf-api] Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)

Posted inUncategorized
Posted byGitHub
05/02/202206/09/2022

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References

https://nvd.nist.gov/vuln/detail/CVE-2008-1285
https://bugzilla.re…

[pyftpdlib] Improper privilege management in pyftpdlib

Posted inUncategorized
Posted byGitHub
05/02/202206/09/2022

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticat…

[pyftpdlib] pyftpdlib vulnerable to allocation of resources without limits

Posted inUncategorized
Posted byGitHub
05/02/202206/09/2022

The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.
References

https://nvd.n…

[pyftpdlib] Directory Traversal in pyftpdlib

Posted inUncategorized
Posted byGitHub
05/02/202206/09/2022

Python FTP server library provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote au…

[pyftpdlib] Improper Authentication in pyftpdlib

Posted inUncategorized
Posted byGitHub
05/02/202206/09/2022

FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
References

https://nvd.ni…

[pyftpdlib] Improper Input Validation in pyftpdlib

Posted inUncategorized
Posted byGitHub
05/02/202206/09/2022

FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.
References

https://nvd.nist.gov/vuln/detail/CVE-2007-6739
https://github.com/giampaolo/pyftpdlib/issues/3
https://github.com/advisories/GHS…

[org.mortbay.jetty:jetty] Improper Authentication in Mortbay Jetty

Posted inUncategorized
Posted byGitHub
05/02/202206/09/2022

Mortbay Jetty before 6.1.6rc1 does not properly handle “certain quote sequences” in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
References

https://nvd.nist.gov/vuln/detail/CVE-2007-5614
htt…

[org.mortbay.jetty:jetty] Mortbay Jetty vulnerable to Cross-site scripting

Posted inUncategorized
Posted byGitHub
05/02/202206/08/2022

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.
References

https://nvd.nist.gov/vuln/detail/CVE-2007-5613
…

[com.opensymphony:xwork] OpenSymphony XWork vulnerable to improper input validation

Posted inUncategorized
Posted byGitHub
05/02/202206/08/2022

XWork is an command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Obje…

Google Chromeに重要な脆弱性が複数存在、アップデートを

Posted inUncategorized
Posted byマイナビニュース
05/01/2022

米国土安全保障省サイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA: Cyberse…