Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since May 11, 2010
Published: May 13, 2010
Source:
SecurityVulns ID: 10817
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: CACTI : cacti 0.8
 CLANTIGER : ClanTiger 1.1
 FAMILICMS : Family Connections 2.2
 ADVANCEDPOLL : Advanced Poll 2.08
 ORANGEHRM : OrangeHRM 2.5
 CMSMADESIMPLE : CMS Made Simple 1.7
 JAWS : jaws 0.8
 ECSHOP : ECShop 2.7
 SOURCEFABRIC : Campsite 3.3
 CLANSPHERE : ClanSphere 2009.0
 DELUXEBB : DeluxeBB 1.3
 EFRONTLEARNING : Efront 3.6
 S9Y : Serendipity 1.5
 XINHA : Xinha 0.96
 REZERVI : REZERVI 3.0
CVE: CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.)
 CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.)
 CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.)
Original text: MustLive, Vulnerability in tagcloud for Kasseler CMS (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave 3D Blocks Field Code Execution Vulnerability (CVE-2010-1283) (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280) (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave 3D Two Remote Code Execution Vulnerabilities (CVE-2010-1284) (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129) (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability (13.05.2010)
 eidelweiss, 29o3 CMS (LibDir) Multiple Remote File Inclusion Vulnerability (11.05.2010)
 High-Tech Bridge Security Research, XSS in Saurus CMS (11.05.2010)
 High-Tech Bridge Security Research, XSS in DynamiXgate Affiliate Store Builder (11.05.2010)
 MustLive, Vulnerability in widget Cumulus for BlogEngine.NET (11.05.2010)
 MANDRIVA, [ MDVSA-2010:092 ] cacti (11.05.2010)
 eidelweiss, REZERVI (root) Remote Command Execution Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-005: ClanSphere MySQL Driver Generic SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, ClanTiger Shoutbox Module s_email SQL Injection vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability (11.05.2010)
 Stefan Esser, Month of PHP Security - Summary - 1st May - 10th May (11.05.2010)
 vulns_(at)_wintercore.com, [Wintercore Research] Consona Products - Multiple vulnerabilities (11.05.2010)
 lis cker, Injection of ECShop apps. (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Jaws (11.05.2010)
 Hanno Bock, pmwiki: persistent cross site scripting (XSS), CVE-2010-1481 (11.05.2010)
 Hanno Bock, CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482 (11.05.2010)
 Zakar Miklós, SA00001-2010 (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in EasyPublish CMS (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Advanced Poll (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in EasyPublish CMS (11.05.2010)
 BUGTRAQ, XSS vulnerability in Advanced Poll (11.05.2010)
 Salvatore "drosophila" Fresta, Family Connections 2.2.3 Multiple Remote Vulnerabilities (11.05.2010)
 md.r00t.defacer_(at)_gmail.com, Turnkey Innovations SQL Injection Vulnerability (11.05.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod