Информационная безопасность
[RU] switch to English


Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:16 февраля 2009 г.
Источник:
SecurityVulns ID:9681
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:SNOOPY : Snoopy 1.2
 MOODLE : Moodle 1.6
 MOODLE : Moodle 1.7
 MOODLE : Moodle 1.8
 MOODLE : moodle 1.9
 SAMIZDAT : Samizdat 0.6
 WEBSVN : WebSVN 2.0
 WEBSVN : WebSVN 1.7
 RAVENNUKE : RavenNuke 2.3
CVE:CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.)
 CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.)
 CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.)
 CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.)
Оригинальный текстdocumentJanek Vind, [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 (16.02.2009)
 documentDEBIAN, [Full-disclosure] [SECURITY] [DSA 1725-1] New websvn packages fix information leak (16.02.2009)
 documentDmitry Borodaenko, Cross-site scripting in Samizdat 0.6.1 (16.02.2009)
 documentDEBIAN, [SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities (16.02.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород