CIRT vuln disclosure

Netgear RT311/RT314/FR314/RP114 XSS
Product:
Netgear Gateway Router RT311/RT314/FR314, firmware versions 3.22, 3.24 and 3.25
Released:
02/03/2002
Description:
Netgear's RT314 is a four-port gateway router targeted at the small home or small office network.
Systems Affected:
RT311 - RT314 - FR314 - RP114
Tested on a Netgear RT314 running firmware versions 3.22, 3.24 and 3.25. Any hardware running this firmware is affected. Any product running ZyXel-RomPager web server 3.02 or earlier is probably also vulnerable.
Not Affected:
RO318
Problem Description:

Shana Informed v3.05 stores random data in clear text
Released:
09/24/2002
Product Description:

Apache Cocoon Path Disclosure
Product:
Apache Cocoon
Released:
03/13/2004
Description:
Apache Cocoon 2.1.4 and below are vulnerable to an installation path disclosure.
Systems Affected:
Apache Cocoon 2.1.4
Apache Cocoon 1.7.1
Technical Description:
Default error pages in various versions of the Apache Cocoon Java server reveal the file system path to the Cocoon installation directory.
These URLs will show the path to the Cocoon directory:
- Cocoon 2.1.4: http://[victim]/non-existing-directory/

cPanel 9.1.0-R85 Cross Site Scripting (XSS)
Product:
cpanel.net cPanel Web Host Control Panel
Released:
03/13/2004
Description:
cPanel 9.1.0-R85 is vulnerable to Cross Site Scripting (XSS) in almost every field which is returned to the browser. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

cPanel 9.1.0-R85 Remote File Retrieval
Product:
cpanel.net cPanel Web Host Control Panel
Released:
03/13/2004
Description:
cPanel 9.1.0-R85 is vulnerable to a remote file retrieval vulnerability.
Systems Affected:
cPanel 9.1.0-R85
Technical Description:




