Python FTP server library provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote au…
[pyftpdlib] Improper Input Validation in pyftpdlib
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.
References
https://nvd.nist.gov/vuln/detail/CVE-2007-6739
https://github.com/giampaolo/pyftpdlib/issues/3
https://github.com/advisories/GHS…
[org.mortbay.jetty:jetty] Improper Authentication in Mortbay Jetty
Mortbay Jetty before 6.1.6rc1 does not properly handle “certain quote sequences” in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
References
https://nvd.nist.gov/vuln/detail/CVE-2007-5614
htt…
[org.mortbay.jetty:jetty] Mortbay Jetty vulnerable to Cross-site scripting
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.
References
https://nvd.nist.gov/vuln/detail/CVE-2007-5613
…
[com.opensymphony:xwork] OpenSymphony XWork vulnerable to improper input validation
XWork is a command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Obje…
[struts:struts] Cross-site scripting in Apache Struts
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the…
[struts:struts] Improper Input Validation in Apache Struts
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandle…
[struts:struts] Apache Struts vulnerable to Improper Input Validation
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a ‘org.apache.struts.taglib.html.Constants.CANCEL’ parameter, which causes the action to be canceled but would not be detected from app…
[org.apache.nifi:nifi] Multiple components in Apache NiFi do not restrict XML External Entity references
Apache NiFi is a system to process and distribute data. Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External…
[remdex/livehelperchat] An attacker can execute malicious JavaScript in Live Helper Chat
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. An attacker can execute malicious JavaScript in the application.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1530
https://github.com/livehelperchat/livehel…