Computer Security
[EN] securityvulns.ru no-pyccku


Snare multiple security vulnerabilities
Published:11.12.2012
Source:
SecurityVulns ID:12769
Type:remote
Threat Level:
5/10
Description:Information leakage, CSRF, XSS.
Affected:SNARE : snare 1.6
CVE:CVE-2011-5250
 CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the System iNtrusion Analysis and Reporting Environment (SNARE) for Linux agent before 1.7.0 allows remote attackers to inject arbitrary web script or HTML via a logged shell command.)
 CVE-2011-5247
Original documentdocumentJust Bugs, Snare for Linux Password Disclosure (11.12.2012)
 documentJust Bugs, Snare for Linux Cross-Site Request Forgery (11.12.2012)
 documentSnare for Linux Cross-Site Scripting via Log Injection, sometimesbugs@gmail.com (11.12.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod