Tomasz Kuczynski

2 exploits Active since Aug 2007

CVE-2008-0178 EXPLOITDB text WORKING POC

Liferay Enterprise Portal 4.3.6 - Authenticated Cross-Site Scripting via User-Agent HTTP Header

Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.

View Code

CVE-2007-3382 EXPLOITDB text WORKING POC

Apache Tomcat Session ID Exposure via Cookie Delimiter Mishandling

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

View Code