Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 8 August 2010
Source:
SecurityVulns ID: 11041
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: WORDPRESS : WordPress 2.8
 DATAFACE : Dataface 1.0
 DT : DT Centrepiece 4.5
 HULIHAN : Amethyst 0.1
 HULIHAN : BXR 0.6
 HULIHAN : DiamondList 0.1
 OPENBLOG : Open blog 1.2
 PRADOPORTAL : Prado Portal 1.2
 MANTIS : MantisBT 1.2
 ZEUSCART : ZeusCart 3.0
CVE: CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.)
Original text: MustLive, CSRF, Information Leakage and Full path disclosure vulnerabilities in WordPress (08.08.2010)
 SECUNIA, Secunia Research: MantisBT "Add Category" Script Insertion Vulnerability (08.08.2010)
 SecPod Research, ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability (08.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in BXR (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Prado Portal (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in DT Centrepiece (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in DiamondList (08.08.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in DiamondList (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in BXR search (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Open Blog (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Open blog (08.08.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in Open blog (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in SiteLoom CMS (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in DiamondList (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Amethyst (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in BXR (08.08.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in BXR (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in BXR (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Amethyst (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Amethyst (08.08.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in Amethyst (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in DT Centrepiece (08.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in DT Centrepiece (08.08.2010)
 High-Tech Bridge Security Research, Application Logic Error in DT Centrepiece (08.08.2010)
 High-Tech Bridge Security Research, Application Logic Error in DT Centrepiece (08.08.2010)
 MustLive, Vulnerabilities in Dataface Web Application Framework (08.08.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod