EUVD-2005-2315

Malware in sbrugna...

Apache2Triad Cross-Site Request Forgery Vulnerability

Apache2Triad is a server software deployment solution for Windows-based platforms. A cross-site request forgery vulnerability exists in Apache2Triad version 1.5.4. A remote attacker can exploit this vulnerability by sending a request to the phpsftpd/users.php file to add or remove user accounts...

Apache2Triad Cross-Site Scripting Vulnerability

Apache2Triad is a server software deployment solution for Windows-based platforms. A cross-site scripting vulnerability exists in Apache2Triad version 1.5.4. A remote attacker can exploit this vulnerability by sending the 'account' parameter to the phpsftpd/users.php file to inject arbitrary web...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that 1 add or 2 delete user accounts via a request to phpsftpd/users.php...

CVE-2017-12970

Cross-site request forgery CSRF vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that 1 add or 2 delete user accounts via a request to phpsftpd/users.php...

CVE-2017-12971

Cross-site scripting XSS vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php...

CVE-2017-12971

Cross-site scripting XSS vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php...

CVE-2017-12971

Cross-site scripting XSS vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php...

CVE-2017-12971

Apache2Triad 1.5.4 has a Persistent Cross-Site Scripting (XSS) vulnerability (CVE-2017-12971) in which an attacker can inject script/HTML via the account parameter to phpsftpd/users.php. The available sources confirm the affected product and vulnerable component (Apache2Triad 1.5.4) and the vulne...

CVE-2017-12970

Cross-site request forgery CSRF vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that 1 add or 2 delete user accounts via a request to phpsftpd/users.php...

CVE-2017-12970

Apache2Triad 1.5.4 is affected by CVE-2017-12970 (CSRF). Multiple sources describe a CSRF weakness in phpsftpd/users.php that can allow an attacker to hijack the authenticated user’s session to add or delete user accounts. The Alpha-vendor product is Apache2Triad; no explicit remediation/patch ve...

PHPsFTPd 0.2/0.4 Inc.Login.PHP Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14222/info PHPsFTPd is affected by a privilege escalation vulnerability. PHPsFTPd is affected by a privilege escalation vulnerability. This issue is due to a failure in 'inc.login.php' when processing login credentials. A...

CVE-2005-2314

inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the dologin parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response...

CVE-2005-2314

CVE-2005-2314 (PHPsFTPd) affects PHPsFTPd versions 0.2–0.4. The flaw allows remote attackers to bypass login checks and exfiltrate the administrator’s credentials by setting the do_login parameter and performing an edit action via user.php, causing the login verification to be leaked in the respo...

CVE-2005-2314

inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the dologin parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response...

phpsftpd.txt

Author: Stefan Lochbihler Date: 11. Juli 2005 Affected Software: PHPsFTPd Software Version: 0.2 - 0.4 Software URL: http://phpsftpd.sourceforge.net/ Attack: Admin password leak about PHPsFTPd: PHPsFTPd is a web based administration and configuration interface for the SLimFTPd ftp serverIt can be...

PHPsFTPd - Admin password leak

Author: Stefan Lochbihler Date: 11. Juli 2005 Affected Software: PHPsFTPd Software Version: 0.2 - 0.4 Software URL: http://phpsftpd.sourceforge.net/ Attack: Admin password leak about PHPsFTPd: PHPsFTPd is a web based administration and configuration interface for the SLimFTPd ftp serverIt can be...

PHPsFTPd 0.20.4 - Inc.login.php Privilege Escalation

PHPsFTPd 0.20.4 - Inc.login.php Privilege Escalation // source: https://www.securityfocus.com/bid/14222/info PHPsFTPd is affected by a privilege escalation vulnerability. PHPsFTPd is affected by a privilege escalation vulnerability. This issue is due to a failure in 'inc.login.php' when processin...

PHPsFTPd 0.2/0.4 - 'Inc.login.php' Privilege Escalation

// source: https://www.securityfocus.com/bid/14222/info PHPsFTPd is affected by a privilege escalation vulnerability. PHPsFTPd is affected by a privilege escalation vulnerability. This issue is due to a failure in 'inc.login.php' when processing login credentials. An attacker can exploit this...