Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: March 24, 2010
Source:
SecurityVulns ID: 10711
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: SPRINGSOURCE : Hyperic HQ 4.0
 SPRINGSOURCE : Hyperic HQ 4.1
 UWCMS : Universal Web CMS 1.0
 INSTANTCMS : Instant CMS 1.1
 PULSECMS : Pulse CMS 1.2
 SPRINGSOURCE : Hyperic HQ 4.2
 OPENCMS : OAMP comments module 1.0
 DISCUZ : Discuz! 7.0
CVE: CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.)
 CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.)
 CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields.")
Original text: lis cker, "$referer" export lead to the cross-site flaws in all versions of Discuz! (24.03.2010)
 SECUNIA, Secunia Research: Pulse CMS Arbitrary File Deletion Vulnerability (24.03.2010)
 Cyrill Brunschwiler, CVE-2009-4505 OpenCMS OAMP Comments Module XSS (24.03.2010)
 s2-security, CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities (24.03.2010)
 SECUNIA, Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability (24.03.2010)
 SECUNIA, Secunia Research: Pulse CMS Arbitrary File Writing Vulnerability (24.03.2010)
 Inj3ct0r.com, Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability (24.03.2010)
 Inj3ct0r.com, Instant CMS <= 1.1rc3 Admin (Auth Bypass) Vulnerability (24.03.2010)
 eidelweiss, Joomla component com_universal <= Remote File Inclusion Vulnerability exploit (24.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod