Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: March 9, 2011
Source:
SecurityVulns ID: 11485
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: CUBECART : CubeCart 2.0
 PHPNUKE : PHP-Nuke 8.0
 MCCONTENTMANAGER : MC Content Manager 10.1
 WORDPRESS : Inline Gallery 0.3
 WORDPRESS : Cool Video Gallery 1.3
 WORDPRESS : GRAND Flash Album Gallery 0.55
 WORDPRESS : 1 Flash Gallery 0.2
 WORDPRESS : PhotoSmash 1.0
 RECORDPRESS : RecordPress 0.3
 ICINGA : Icinga 1.2
 ICINGA : Icinga 1.3
 KODAK : Kodak InSite 5.5
 MUTARE : EVM 2.2
 QUICKPOLLS : Quick Polls 1.0
 WEBENSIO : LMS Web Ensino 2011-02
 TOTVS : Microsiga Protheus 10
CVE: CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.)
Original text: Flavio do Carmo Junior aka waKKu, [DCA-2011-0002]: TOTVS ERP Microsiga Protheus - Users Enumeration (09.03.2011)
 Flavio do Carmo Junior aka waKKu, [DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection (09.03.2011)
 Mark Stanislav, 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099) (09.03.2011)
 mikispag_(at)_gmail.com, XSS in CubeCart <= 2.0.7 (09.03.2011)
 Travis Lee, Mutare Software EVM - CSRF and XSS Vulnerabilities (09.03.2011)
 vulns_(at)_dionach.com, InSite Troubleshooting Cross-Site Scripting (09.03.2011)
 vulns_(at)_dionach.com, Kodak InSite Login Page Cross-Site Scripting (09.03.2011)
 sschurtz_(at)_t-online.de, Cross-Site Scripting vulnerabilities in Icinga (09.03.2011)
 irancrash_(at)_gmail.com, RecordPress Multiple Vulnerabilities (09.03.2011)
 High-Tech Bridge Security Research, HTB22871: File Content Disclosure in GRAND Flash Album Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22867: XSS in PhotoSmash wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22868: XSS in 1 Flash Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22869: SQL Injection in 1 Flash Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22870: SQL Injection in GRAND Flash Album Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22872: Path disclosure in Cool Video Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22873: XSS in Inline Gallery wordpress plugin (09.03.2011)
 MustLive, Cross-Site Scripting vulnerabilities in MC Content Manager (09.03.2011)
 MustLive, New vulnerabilities in PHP-Nuke (09.03.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod