Information security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: January 11, 2011
Source:
SecurityVulns ID: 11343
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: PHPNUK : PHP-Nuke 8.1
 WIKLINK : WikLink 0.1
 WHCMS : whCMS 0.115
 CAMBIOCMS : Cambio 0.5
 DIAFAN : diafan.CMS 4.3
 VAMSOFT : VaM Shop 1.6
 ENERGINE : Energine 2.3
 JAFCMS : JAF-CMS 4.0
 MHONARC : MHonArc 2.6
CVE: CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.)
 CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.)
Original text: MustLive, XSS and IAA vulnerabilities in PHP-Nuke (11.01.2011)
 MANDRIVA, [ MDVSA-2011:003 ] MHonArc (11.01.2011)
 Aliaksandr Hartsuyeu, www.eVuln.com : "fold" and "site" SQL Injections in WikLink (11.01.2011)
 chin4b0y, Persistent Cross Site Scripting Vulnerability In JAF-CMS ver 4.0_RC_2 (11.01.2011)
 High-Tech Bridge Security Research, SQL injection vulnerability in Energine (11.01.2011)
 High-Tech Bridge Security Research, XSRF (CSRF) in VaM Shop (11.01.2011)
 High-Tech Bridge Security Research, Stored XSS vulnerability in diafan.CMS (11.01.2011)
 High-Tech Bridge Security Research, Path disclosure in Energine (11.01.2011)
 High-Tech Bridge Security Research, XSRF (CSRF) in Energine (11.01.2011)
 High-Tech Bridge Security Research, XSS vulnerability in VaM Shop (11.01.2011)
 High-Tech Bridge Security Research, XSS vulnerability in VaM Shop (11.01.2011)
 High-Tech Bridge Security Research, XSS vulnerability in VaM Shop (11.01.2011)
 High-Tech Bridge Security Research, XSRF (CSRF) in diafan.CMS (11.01.2011)
 High-Tech Bridge Security Research, XSS vulnerability in diafan.CMS (11.01.2011)
 High-Tech Bridge Security Research, XSRF (CSRF) in Cambio (11.01.2011)
 High-Tech Bridge Security Research, XSRF (CSRF) in whCMS (11.01.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod