Corsaire Limited

3 exploits Active since Dec 2003
CVE-2003-0514 EXPLOITDB text WRITEUP
Apple Safari - Cookie Access Restriction Bypass via URL-Encoded Directory Traversal
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVE-2003-0624 EXPLOITDB text WRITEUP
BEA WebLogic Server < 8.1 - Cross-Site Scripting via InteractiveQuery.jsp Person Parameter
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.
CVE-2003-0621 EXPLOITDB text WRITEUP
BEA Tuxedo 8.1 - Information Disclosure via INIFILE Path Manipulation
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.