Информационная безопасность
[RU] switch to English


Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:13 октября 2010 г.
Источник:
SecurityVulns ID:11199
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:JOOMLA : Joomla 1.5
 APACHE : Subversion 1.5
 SUBVERSION : Subversion 1.6
 RONNYCMS : Ronny CMS 1.1
 PLUXML : PluXml 5.0
 COLALBTIVE : Collabtive 0.65
 JOOMLA : JS Calendar 1.5
CVE:CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.)
Оригинальный текстdocumentSalvatore "drosophila" Fresta, JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities (13.10.2010)
 documentYGN Ethical Hacker Group, Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability (13.10.2010)
 documentadvisory_(at)_anatoliasecurity.com, Collabtive Multiple Vulnerabilities (13.10.2010)
 documentMANDRIVA, [ MDVSA-2010:199 ] subversion (13.10.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Ronny CMS (13.10.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Ronny CMS (13.10.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in PluXml (13.10.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in PluXml (13.10.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in PluXml (13.10.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in PluXml (13.10.2010)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in Lara (13.10.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Ronny CMS (13.10.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород