exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files from Brett Porter

Apache Archiva 1.3x Remote Command Execution

Posted Apr 21, 2014

Authored by Brett Porter | Site archiva.apache.org

Apache Archiva versions 1.3 through Continuum 1.3.6 and versions 1.2 through 1.2.2 are vulnerable to remote command execution.

tags | advisory, remote

advisories | CVE-2013-2251

SHA-256 | 6016752b96e92a44c9cf1eebaa5b10137807afe16bffa1cffa6f222ce1c77103

Download | Favorite | View

Apache Archiva 1.3x Cross Site Scripting

Posted Apr 21, 2014

Authored by Brett Porter | Site archiva.apache.org

Apache Archiva versions 1.3 through Continuum 1.3.6 and versions 1.2 through 1.2.2 are vulnerable to a cross site scripting issue.

tags | advisory, xss

advisories | CVE-2013-2187

SHA-256 | f3dd2a6339f2b9cb29bc32104faba46017ede0de57263310b410cddaa5374bbf

Download | Favorite | View

Apache Archiva 1.3.3 Cross Site Scripting

Posted Feb 16, 2011

Authored by Brett Porter | Site archiva.apache.org

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.

tags | advisory, arbitrary, javascript

advisories | CVE-2011-0533

SHA-256 | ef5405a5cdb908fbdea9c2ca94e9485904f66d387638df61bed5396d7b39036a

Download | Favorite | View

Apache Continuum Cross Site Request Forgery

Posted Feb 10, 2011

Authored by Brett Porter | Site continuum.apache.org

Apache Continuum versions 1.3.6 and 1.4.0 Beta suffer from a cross site request forgery vulnerability. Earlier unsupported versions are also vulnerable.

tags | advisory, csrf

advisories | CVE-2010-3449

SHA-256 | ce3bb3132116881504d85a987dcae5a6efc2e7aa84e4ad9fc0ce456ec27175e2

Download | Favorite | View

Apache Continuum Cross Site Scripting

Posted Feb 10, 2011

Authored by Brett Porter | Site continuum.apache.org

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into Continuum project pages. Versions 1.3.6 and 1.4.0 Beta are affected along with unsupported, older revs.

tags | advisory, arbitrary, javascript

advisories | CVE-2011-0533

SHA-256 | 0782a37ae7b67ae32bd44e36f19edd4ac64c7f6b85bc91cd4b7a0687e3f4cf9a

Download | Favorite | View