Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: February 11, 2011
Source:
SecurityVulns ID: 11414
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: CGIIRC : CGI:IRC 0.5
 FIREBOOK : Firebook 3.100328
 WORDPRESS : WP Forum Server 1.6
 RUNCMS : RunCMS 2.2
 SOURCEBANS : SourceBans 1.4
 APACHE : Continuum 1.3
 APACHE : Continuum 1.4
CVE: CVE-2011-0533 (Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.)
 CVE-2011-0050 (Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter.)
 CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.)
Original text: APACHE, [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability (11.02.2011)
 APACHE, [SECURITY] CVE-2010-3449: Apache Continuum CSRF vulnerability (11.02.2011)
 David Leadbeater, CGI:IRC XSS issue (CVE-2011-0050) (11.02.2011)
 null_(at)_null.null, SourceBans Version 1.4.7 XSS (11.02.2011)
 High-Tech Bridge Security Research, HTB22852: SQL Injection in WP Forum Server wordpress plugin (11.02.2011)
 High-Tech Bridge Security Research, HTB22851: SQL Injection in WP Forum Server wordpress plugin (11.02.2011)
 High-Tech Bridge Security Research, HTB22822: XSS vulnerability in RunCMS (11.02.2011)
 High-Tech Bridge Security Research, HTB22821: Path disclosure in RunCMS (11.02.2011)
 High-Tech Bridge Security Research, HTB22820: SQL Injection in RunCMS (11.02.2011)
 MustLive, Multiple vulnerabilities in Firebook (11.02.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod