Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: October 6, 2009
Source:
SecurityVulns ID: 10292
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: OPENX : OpenX 2.6
 OPENX : OpenX 2.8
 HYPERIC : Hyperic HQ 3.2
 SPRINGSOURCE : Hyperic HQ 4.0
 SPRINGSOURCE : Hyperic HQ 4.1
 PBBOARD : PBBoard 2.0
CVE: CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.)
 CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. NOTE: some of these details are obtained from third party information.)
Original text: admin_(at)_sec-area.com, [Sec-Area Advisory]PBBoard <=2.0.2 - XSS in Topic (06.10.2009)
 admin_(at)_sec-area.com, [Advisory]PBBoard <=2.0.2 Full Path Disclosure (06.10.2009)
 palmprehacker_(at)_gmail.com, Palm Pre WebOS <=1.1 Remote File Access Vulnerability (06.10.2009)
 MustLive, New vulnerabilities in OpenX (06.10.2009)
 SpringSource Security Team, CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list (06.10.2009)
 SpringSource Security Team, CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace (06.10.2009)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0812-Hyperic HQ Multiple XSS (06.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod