
CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 3

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Apache2Triad version 1.5.4 suffers from session fixation, cross site request forgery, and cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/42520 http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html http://www.securityfocus.com/bid/100447
• CWE-384: Session Fixation

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. Apache2Triad version 1.5.4 suffers from session fixation, cross site request forgery, and cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/42520 http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html http://www.securityfocus.com/bid/100447
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. Apache2Triad version 1.5.4 suffers from session fixation, cross site request forgery, and cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/42520 http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html http://www.securityfocus.com/bid/100447
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 3% • CPEs: 2 • EXPL: 0

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
• http://apache2triad.net/forums/viewtopic.php?p=14670 http://secunia.com/advisories/18390 http://www.securityfocus.com/archive/1/421469/100/0/threaded http://www.securityfocus.com/bid/16174 http://www.vupen.com/english/advisories/2006/0148 https://exchange.xforce.ibmcloud.com/vulnerabilities/24076
• CWE-94: Improper Control of Generation of Code ('Code Injection')