• HTTP Response Splitting vulnerability
• Open Redirection vulnerability

cPanel HTTP Response Splitting Vulnerability – Security Advisory (PDF).
cPanel HTTP Response Splitting Vulnerability – Security Advisory (TXT).

I’d like to point out the lame work of the cPanel Security Team on these vulnerabilities. Usually when I report a vulnerability, I get some kind of interaction with the vendor developers and/or the security team, most of the times I enjoy working with the people involved. In this case, the cPanel Security Team were unresponsive. Eventually I was forced to release the security advisory even though one of the vulnerabilities (the Open Redirection vulnerability) is still unpatched.

References:
BID 37902
OSVDB 61954
exploit-db 11211

• UTF-7 Cross-Site Scripting

PDF version.
TXT version.

This actually mean that every web application hosted on a Caucho Resin application server is vulnerable to Cross-Site Scripting… If you have one, I seriously recommend you patch your server :-)

References:
Caucho Resin 3.2.1 Release Notes
Caucho bug ID 2965

• HTTP Response Splitting
• Cross-Site Scripting

PDF version.
TXT version.

Also on:
BID 31577
milw0rm

• .jsp Local File Inclusion
• Cross-Site Scripting

JSPWiki allow users to upload (attach) files to entry pages. Combined with the LFI vulnerability, an attacker can use the information disclosed by the installation file to upload a malicious .jsp file and locally execute it.
By executing malicious server-side code, an attacker may be able to compromise the server.

Actually, this is the only published file inclusion vulnerability I’ve ever seen on a Java based web application.
Well, there’s more out there :-)

PDF version.
TXT version.

Also on:
BID 27785
milw0rm

Vulnerabilities found:

• Cross-Site Scripting
• UTF-7 Cross-Site Scripting

TXT version.

Also on:
BID 21956
MediaWiki patch announcement
RSnake expand the MediaWiki 1.9.2 UTF-7 XSS exploit