CVE-2010-3070
CVE-2010-3070
Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/34565no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595248http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blob%3Bf=debian/patches/595248.patch%3Bh=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=268f03b88c6900d1a87b17734c248c705c22cb07http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blobdiff%3Bf=debian/patches/595248.patch%3Bh=11202fa70433b62aeab7dfc68af668329bc0fe7e%3Bhp=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=3ac7a26a49086c6b91fb79e5acafcfcdc5d6980a%3Bhpb=268f03b88c6900d1a87b17734c248c705c22cb07http://git.mantisbt.org/?p=mantisbt.git%3Ba=commit%3Bh=edb817991b99cd5538f102be26865fde7c6b7212http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048317.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-September/048325.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=629585https://bugzilla.redhat.com/show_bug.cgi?id=633011http://secunia.com/advisories/41653