9 matches found
EUVD-2010-3447
Malware in sbrugna...
login.redbackconferencing.com.au Cross Site Scripting vulnerability OBB-3558166
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
LDAP Injection
archiva-redback-core is vulnerable to LDAP injection. The vulnerability exists due to the lack of sanitization of source.getUsername in LdapBindAuthenticator, and this.getEmail, this.getFullName, this.getUsername in LdapUserQuery...
Cross-Site Request Forgery (CSRF)
Apache Archiva and redback-rest-services are vulnerable to cross-site request forgery (CSRF) attacks. The library does not protect against CSRF attacks at several REST endpoints. This allows a malicious user to send HTML responses that can perform arbitrary actions on the archiva services via a...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of...
CVE-2010-3449
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of...
CVE-2010-3449
CVE-2010-3449 is a CSRF flaw in Redback (used by Apache Archiva and Apache Continuum) that allows an attacker to hijack administrator sessions to modify credentials. Affected products include Archiva 1.0–1.3.1 (and related Continuum versions) with Redback versions before 1.2.4 used for authentica...
CVE-2010-3449
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of...
Hacker attack and Defense of the PPPoE authentication and use-vulnerability and early warning-the black bar safety net
A Foreword In recent years, Internet data traffic has developed rapidly, broadband users showed explosive growth, the operators in the use of xDSL, LAN, HFC, wireless and other access methods at the same time, in order to build an operable, manageable and profitable broadband network, is very...