Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 14 August 2010
Source:
SecurityVulns ID: 11070
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: SQUIRRELMAIL : squirrelmail 1.4
 MAPSERVER : mapserver 5.6
 WORDPRESS : WordPress 3.0
 SYNTAXCMS : SyntaxCMS 1.3
 HULIHAN : Onyx 0.3
 HULIHAN : Mystic 0.1
CVE: CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.)
 CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.)
 CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.)
 CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.)
Original text: DEBIAN, [SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery (14.08.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Onyx (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Onyx (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in SyntaxCMS (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in SyntaxCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Edit-X CMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in i-Web Suite (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in i-Web Suite (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, Local File Inclusion in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, Local File Inclusion in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-080] WordPress 3.0.1 - Cross Site Scripting Issue (14.08.2010)
 DEBIAN, [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution (14.08.2010)

© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород