Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 29 June 2010
Source:
SecurityVulns ID: 10963
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products:
 TOMATOCMS : TomatoCMS 2.0
 WORDPRESS : Cimy Counter 0.9
 TORNADOSTORE : TornadoStore 1.4
 LATEK : PortalApp 4.0
 GRAFIKPOWER : Grafik CMS 1.1
 TASKFREAK : TaskFreak 0.6
CVE:
 CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php.)
 CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter.)
 CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.)
 CVE-2010-1327 (Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.)
Original text:
 SECUNIA, Secunia Research: TaskFreak "tznMessage" Cross-Site Scripting Vulnerability (29.06.2010)
 SECUNIA, Secunia Research: TaskFreak "password" SQL Injection Vulnerability (29.06.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Grafik CMS (29.06.2010)
 High-Tech Bridge Security Research, XSS vulnerability in PortalApp (29.06.2010)
 High-Tech Bridge Security Research, XSS vulnerability in PortalApp (29.06.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Grafik CMS (29.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in Grafik CMS (29.06.2010)
 High-Tech Bridge Security Research, XSS vulnerability in PortalApp (29.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in TomatoCMS (29.06.2010)
 Bonsai - Information Security, Multiple XSS in TornadoStore 1.4.3 (29.06.2010)
 Bonsai - Information Security, Multiple SQL Injection in TornadoStore 1.4.3 (29.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod