Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: August 26, 2010
Source:
SecurityVulns ID: 11093
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: MOINMOIN : MoinMoin 1.9
 NAGIOS : Nagios XI 2009
 BLASTCHAT : BlastChat 3.3
CVE: CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.)
 CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.)
 CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.)
Original text: Adam Baldwin, Nagios XI users.php SQL Injection (26.08.2010)
 UBUNTU, [USN-977-1] MoinMoin vulnerabilities (26.08.2010)
 aanisimov_(at)_ptsecurity.com, [Positive Technologies Research] Open Source WebEngine and Web Crawler v.0.2 is out! (26.08.2010)
 YGN Ethical Hacker Group, Joomla! Component com_bc Cross Script Scripting (XSS) Vulnerability (26.08.2010)
 YGN Ethical Hacker Group, Joomla! Component com_bcaccount Persistent Cross Script Scripting (XSS) Vulnerability (26.08.2010)
 YGN Ethical Hacker Group, BlastChat Chat Client Component version 3.3 <= Cross Script Scripting (XSS) Vulnerability (26.08.2010)
 MustLive, Multiple vulnerabilities in eSitesBuilder (26.08.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod