Information Security


Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: March 12, 2009
Source:
SecurityVulns ID: 9736
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: WEBSVN : WebSVN 2.1
 ARYANIC : HighPortal 10
 ARYANIC : HighCMS 10
 WEBID : WeBid 0.7
 WORDPRESS : WordPress MU 2.6
 MAHARA : mahara 1.0
 NEXTAPP : NextApp Echo 2.1
 TRELLISDESK : Trellis Desk 1.0
 TIKIWIKI : TikiWiki 2.2
CVE: CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.)
 CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.)
 CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.)
 CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.)
Original text: iliz-z_(at)_yandex.ru, TikiWiki 2.2 XSS Vulnerability in URI (12.03.2009)
 larry_(at)_jlogica.com, Trellis Desk v1.0 XSS Vulnerability (12.03.2009)
 MustLive, Multiple vulnerabilities in Athree CMS (12.03.2009)
 SEC Consult Vulnerability Lab, SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability (12.03.2009)
 sosoblood_(at)_hotmail.com, Sun Java System Communications Express [HTML Injection] (12.03.2009)
 DEBIAN, [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting (12.03.2009)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability (12.03.2009)
 vuln_(at)_e-rdc.org, [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclution Vulnerabilities (12.03.2009)
 mr.faghani_(at)_gmail.com, Aryanic HighCMS and HighPortal multiple Vulnerabilities (12.03.2009)
 GENTOO, [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities (12.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod