CVSS: 6.4EPSS: 0%CPEs: 88EXPL: 0CVE-2012-2969
https://notcve.org/view.php?id=CVE-2012-2969
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request. Caucho Quercus, tal y como se distribuye en Resin antes de v4.0.29, permite a atacantes remotos eludir las restricciones previstas en las extensiones de archivos para archivos creados con una secuencia 00% en la ruta de acceso dentro de una petición HTTP. • http://caucho.com/resin-4.0/changes/changes.xtp http://en.securitylab.ru/lab http://en.securitylab.ru/lab/PT-2012-05 http://www.kb.cert.org/vuls/id/309979 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2462
https://notcve.org/view.php?id=CVE-2008-2462
Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el comando de documentación viewfile de Caucho Resin antes de 3.0.25 y 3.1.x anterior a 3.1.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro file. • http://secunia.com/advisories/30845 http://www.caucho.com/resin/changes/changes-31.xtp#3.1.4%20-%20Dec%205%2C%202007 http://www.kb.cert.org/vuls/id/305208 http://www.securityfocus.com/bid/29948 http://www.securitytracker.com/id?1020372 http://www.vupen.com/english/advisories/2008/1930/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43367 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 3%CPEs: 2EXPL: 0CVE-2007-2439
https://notcve.org/view.php?id=CVE-2007-2439
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension. Caucho Resin Professional 3.1.0 y Caucho Resin 3.1.0 y anteriores para Windows permite a atacantes remotos provocar una denegación de servicio (cuelgue del dispositivo) y leer datos de un dispositivo COM o LPT mediante un nombre de dispositivo DOS con una extensión arbitraria. • http://osvdb.org/36059 http://secunia.com/advisories/25286 http://www.caucho.com/resin-3.1/changes/changes.xtp http://www.rapid7.com/advisories/R7-0028.jsp http://www.securitytracker.com/id?1018061 http://www.vupen.com/english/advisories/2007/1824 https://exchange.xforce.ibmcloud.com/vulnerabilities/34301 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 1CVE-2007-2441 – Caucho Resin 3.1 - Encoded Space Request Full Path Disclosure
https://notcve.org/view.php?id=CVE-2007-2441
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. Caucho Resin Professional 3.1.0 y Caucho Resin 3.1.0 y versiones anteriores para Windows permiten a atacantes remotos obtener la ruta del sistema mediante URLs concretas asociadas con (1) desplegando aplicaciones web ó (2) visualizando .xtp files. • https://www.exploit-db.com/exploits/30037 http://osvdb.org/36057 http://secunia.com/advisories/25286 http://www.caucho.com/resin-3.1/changes/changes.xtp http://www.rapid7.com/advisories/R7-0030.jsp http://www.securityfocus.com/bid/23985 http://www.securitytracker.com/id?1018061 http://www.vupen.com/english/advisories/2007/1824 https://exchange.xforce.ibmcloud.com/vulnerabilities/34293 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 2CVE-2007-2440 – Caucho Resin 3.1 - '/web-inf' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2007-2440
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence. Vulnerabilidad de cruce de directorio en Caucho Resin Professional 3.1.0 y Caucho Resin 3.1.0 y anteriores para Windows permite a atacantes remotos leer ciertos ficheros mediante una secuencia .. (punto punto) en un URI que contiene la secuencia "\web-inf". • https://www.exploit-db.com/exploits/30038 http://osvdb.org/36058 http://secunia.com/advisories/25286 http://www.caucho.com/resin-3.1/changes/changes.xtp http://www.rapid7.com/advisories/R7-0029.jsp http://www.securityfocus.com/bid/23985 http://www.securitytracker.com/id?1018061 http://www.vupen.com/english/advisories/2007/1824 https://exchange.xforce.ibmcloud.com/vulnerabilities/34296 •