CVE-2017-12971 – Apache2Triad 1.5.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-12971
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
Apache2Triad version 1.5.4 suffers from session fixation, cross site request forgery, and cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/42520
• http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt
• http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html
• http://www.securityfocus.com/bid/100447
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12965 – Apache2Triad 1.5.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-12965
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
Apache2Triad version 1.5.4 suffers from session fixation, cross site request forgery, and cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/42520
• http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt
• http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html
• http://www.securityfocus.com/bid/100447
• CWE-384: Session Fixation
CVE-2017-12970 – Apache2Triad 1.5.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-12970
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
Apache2Triad version 1.5.4 suffers from session fixation, cross site request forgery, and cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/42520
• http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt
• http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html
• http://www.securityfocus.com/bid/100447
• CWE-352: Cross-Site Request Forgery (CSRF)