Webfrom. plugins. information. informationmain import *: from. plugins. industrial. industrialmain import *: from. plugins. hardware. hardwaremain import *: from ... WebDescription. The remote host is running Resin, an application server. The installation of Resin on the remote host includes a servlet, named 'viewfile', that lets an unauthenticated, …

Web Server Resin viewFile Information Disclosure

WebOct 19, 2010 · You don't say how Resin is running or which JVM it is using or the OS / host but typically a JVM will be governed by a default heap size and a a maximum heap size. ... "Placeholder") and I can set the thumbnail, but then I have to do an update query to replace the "Placeholder" with the fileRead. WebJun 23, 2014 · 4. ViewFile. ViewFile is a straight-forward file dump facility. On its initial execution, ViewFile accepts the name of an input file when the user clicks on the Browse button. ViewFile provides a last directory visited feature that "remembers" the path of the last file examined. ntko office文档控件下载

CVE-2008-2462 : Cross-site scripting (XSS) vulnerability in the ...

Webxray / pocs / resin-viewfile-fileread.yml Go to file Go to file T; Go to line L; Copy path Copy permalink; This commit does not belong to any branch on this repository, and may belong … WebAug 18, 2004 · The remote web server is running Resin. This version of Resin is vulnerable to a cross-site scripting flaw via the 'file' parameter of the Viewfile application. An attacker exploiting this flaw would be able to execute arbitrary script code … WebJun 25, 2008 · The "viewfile" command that is provided with the Resin documentation is vulnerable to XSS via the "file" parameter. Impact A remote, unauthenticated attacker may be able to execute arbitrary script within the context of the Resin web pages. Solution Apply an update This issue is resolved in Resin 3.0.25 and 3.1.4. nike tech fleece shorts older boys