CVE-2011-5081

Related Files

Mandriva Linux Security Advisory 2013-062

Posted Apr 8, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-062 - Cross-site scripting vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi. Cross-site scripting vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer. Also, This update package corrects/improves the definition of variables in config.pl, the configuration file of backuppc: the variables SshPath, SmbClientPath, NmbLookupPath, TarClientPath, TopDir. As a result, backuppc should now run with the default values installed by the Mageia package, modifications of config.pl should only be required for defining site-specific settings.

tags | advisory, remote, web, arbitrary, cgi, xss

systems | linux, mandriva

advisories | CVE-2011-5081, CVE-2011-4923

SHA-256 | 2fa65dee664e8f1536ee0594d9b35cbcf524795d9eaad6576dc293c440d378f0

Download | Favorite | View

Ubuntu Security Notice USN-1444-1

Posted May 18, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss

systems | linux, ubuntu

advisories | CVE-2011-5081

SHA-256 | 359bdbb94093049e72426ec798a95cfc4d4baea1ae5e0d2cd86c4ac125e3c152

Download | Favorite | View