CVSS: 6.4EPSS: 0%CPEs: 88EXPL: 0CVE-2012-2969
https://notcve.org/view.php?id=CVE-2012-2969
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request. Caucho Quercus, tal y como se distribuye en Resin antes de v4.0.29, permite a atacantes remotos eludir las restricciones previstas en las extensiones de archivos para archivos creados con una secuencia 00% en la ruta de acceso dentro de una petición HTTP. • http://caucho.com/resin-4.0/changes/changes.xtp http://en.securitylab.ru/lab http://en.securitylab.ru/lab/PT-2012-05 http://www.kb.cert.org/vuls/id/309979 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 3CVE-2010-2032 – Caucho Resin Professional 3.1.5 - '/resin-admin/digest.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2032
Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en resin-admin/digest.php de Caucho Technology Resin Professional v3.1.5, v3.1.10, v4.0.6, y posiblemente otras versiones. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de los parámetros (1) digest_realm o (2) digest_username. NOTA: algunos de estos detalles han sido obtenidos de información procedente de terceras partes. • https://www.exploit-db.com/exploits/34012 http://packetstormsecurity.org/1005-exploits/cauchoresin312-xss.txt http://secunia.com/advisories/39839 http://www.securityfocus.com/archive/1/511341/100/0/threaded http://www.securityfocus.com/bid/40251 http://www.vupen.com/english/advisories/2010/1201 https://exchange.xforce.ibmcloud.com/vulnerabilities/58733 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •