CIRT vuln disclosure

Netgear RT311/RT314/FR314/RP114 XSS

Product:
Netgear Gateway Router RT311/RT314/FR314, firmware versions 3.22, 3.24 and 3.25

Released:
02/03/2002

Description:
Netgear's RT314 is a four-port gateway router targeted at the small home or small office network.

Systems Affected:
RT311 - RT314 - FR314 - RP114
Tested on a Netgear RT314 running firmware versions 3.22, 3.24 and 3.25. Any hardware running this firmware is affected. Any product running ZyXel-RomPager web server 3.02 or earlier is probably also vulnerable.

Not Affected:
RO318

Problem Description:

Apache Cocoon Path Disclosure

Product:
Apache Cocoon

Released:
03/13/2004

Description:
Apache Cocoon 2.1.4 and below are vulnerable to an installation path disclosure.

Systems Affected:
Apache Cocoon 2.1.4
Apache Cocoon 1.7.1

Technical Description:
Default error pages in various versions of the Apache Cocoon Java server reveal the file system path to the Cocoon installation directory.

These URLs will show the path to the Cocoon directory:

  • Cocoon 2.1.4: http://[victim]/non-existing-directory/

cPanel 9.1.0-R85 Cross Site Scripting (XSS)

Product:
cpanel.net cPanel Web Host Control Panel

Released:
03/13/2004

Description:
cPanel 9.1.0-R85 is vulnerable to Cross Site Scripting (XSS) in almost every field which is returned to the browser. This could allow a user to create a specially crafted URL that would execute arbitrary code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

cPanel 9.1.0-R85 Remote File Retrieval

Product:
cpanel.net cPanel Web Host Control Panel

Released:
03/13/2004

Description:
cPanel 9.1.0-R85 is vulnerable to a remote file retrieval vulnerability.

Systems Affected:
cPanel 9.1.0-R85

Technical Description:
