Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: January 3, 2011
Source:
SecurityVulns ID: 11328
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: PHPMYADMIN : phpMyAdmin 3.3
 OPENBLOG : Open blog 1.2
 OCPRODUCTS : ocPortal 5.0
 LIGHTNEASY : LightNEasy 3.0
 OPENCART : OpenCart 1.4
 NIBBLOBLOG : Nibbleblog 3.0
 GEEKLOG : Geeklog 1.7
CVE: CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.)
 CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[[email protected]@page]".)
 CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.)
Original text: YGN Ethical Hacker Group, Geeklog 1.7.1 <= Cross Site Scripting Vulnerability (03.01.2011)
 DEBIAN, [SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities (03.01.2011)
 High-Tech Bridge Security Research, SQL Injection in LightNEasy (03.01.2011)
 High-Tech Bridge Security Research, Information disclosure in LightNEasy (03.01.2011)
 High-Tech Bridge Security Research, LFI in LightNEasy (03.01.2011)
 High-Tech Bridge Security Research, Path disclosure in LightNEasy (03.01.2011)
 High-Tech Bridge Security Research, Path disclosure in Nibbleblog (03.01.2011)
 High-Tech Bridge Security Research, Path disclosure in OpenCart (03.01.2011)
 High-Tech Bridge Security Research, SQL Injection in LightNEasy (03.01.2011)
 High-Tech Bridge Security Research, Path disclosure in ocPortal (03.01.2011)
 High-Tech Bridge Security Research, CSRF (Cross-Site Request Forgery) in Open blog (03.01.2011)
 chin4b0y, Skadate Multiple Persistent Cross Site Scripting Vulnerabilities (Undisclosed New Vulnerability) (03.01.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod