29 matches found
EUVD-2017-4492
Malware in sbrugna...
EUVD-2017-4491
Malware in sbrugna...
EUVD-2017-4486
Malware in sbrugna...
Apache2Triad Cross-Site Scripting Vulnerability
Apache2Triad is a server software deployment solution for Windows-based platforms. A cross-site scripting vulnerability exists in Apache2Triad version 1.5.4. A remote attacker can exploit this vulnerability by sending the 'account' parameter to the phpsftpd/users.php file to inject arbitrary web...
Apache2Triad Session Fixation Vulnerability
Apache2Triad is a server software deployment solution for Windows-based platforms. A session fixation vulnerability exists in Apache2Triad version 1.5.4. A remote attacker can exploit this vulnerability to hijack a web session with the help of the 'PHPSESSID' parameter...
Apache2Triad Cross-Site Request Forgery Vulnerability
Apache2Triad is a server software deployment solution for Windows-based platforms. A cross-site request forgery vulnerability exists in Apache2Triad version 1.5.4. A remote attacker can exploit this vulnerability by sending a request to the phpsftpd/users.php file to add or remove user accounts...
Cross site scripting
Cross-site scripting XSS vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php...
CVE-2017-12971
Cross-site scripting XSS vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that 1 add or 2 delete user accounts via a request to phpsftpd/users.php...
CVE-2017-12965
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter...
Session fixation
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter...
CVE-2017-12971
Cross-site scripting XSS vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php...
CVE-2017-12965
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter...
CVE-2017-12970
Cross-site request forgery CSRF vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that 1 add or 2 delete user accounts via a request to phpsftpd/users.php...
CVE-2017-12965
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter...
CVE-2017-12965
Apache2Triad v1.5.4 on Windows is affected by CVE-2017-12965, a session-fixation vulnerability that allows remote attackers to hijack web sessions via the PHPSESSID parameter. Descriptions across sources (NVD/CNVD) consistently identify Session Fixation as the issue; exploit details are not provi...
CVE-2017-12971
Apache2Triad 1.5.4 has a Persistent Cross-Site Scripting (XSS) vulnerability (CVE-2017-12971) in which an attacker can inject script/HTML via the account parameter to phpsftpd/users.php. The available sources confirm the affected product and vulnerable component (Apache2Triad 1.5.4) and the vulne...
CVE-2017-12970
Apache2Triad 1.5.4 is affected by CVE-2017-12970 (CSRF). Multiple sources describe a CSRF weakness in phpsftpd/users.php that can allow an attacker to hijack the authenticated user’s session to add or delete user accounts. The Alpha-vendor product is Apache2Triad; no explicit remediation/patch ve...
CVE-2017-12970
Cross-site request forgery CSRF vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that 1 add or 2 delete user accounts via a request to phpsftpd/users.php...
CVE-2017-12971
Cross-site scripting XSS vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php...