Информационная безопасность
[RU] switch to English


Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:2 ноября 2010 г.
Источник:
SecurityVulns ID:11223
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:JOOMLA : Joomla 1.5
 MEMHT : MemHT Portal 4.0
 WEBMEDIAEXPLORER : Webmedia Explorer 6.13
 WSNLINKS : WSN Links 6.0
 WSNLINKS : WSN Links 5.1
 WSNLINKS : WSN Links 5.0
 WORDPRESS : cforms 11.5
CVE:CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.)
 CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.)
Оригинальный текстdocumentRodrigo Branco, cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977 (02.11.2010)
 documentMark Stanislav, 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006) (02.11.2010)
 documentHigh-Tech Bridge Security Research, Stored XSS vulnerability in Webmedia Explorer (02.11.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Kandidat CMS (02.11.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Kandidat CMS (02.11.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Kandidat CMS (02.11.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in MemHT Portal (02.11.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in MemHT Portal (02.11.2010)
 documentHigh-Tech Bridge Security Research, Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal (02.11.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород