Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)

| Published: | April 10, 2009 |
| Source: | |
| SecurityVulns ID: | 9808 |
| Type: | remote |
| Severity: | 5/10 |
| Description: | PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc. |
| Affected products: | OPENADS : Openads 2.4 |
| | HORDE : Horde 3.2 |
| | EXJUNE : Exjune Guestbook 2 |
| | ADAPTBB : AdaptBB 1.0 |
| | GEEKLOG : Geeklog 1.5 |
| | LGASOFT : SASPCMS 0.9 |
| | NET2FTP : net2ftp 0.97 |
| CVE: | CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.) |
| | CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.) |
| | CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.) |