Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:		11 апреля 2011 г.
Источник:
SecurityVulns ID:		11569
Тип:		удаленная
Уровень опасности:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.

Затронутые продукты:		PHPCOLLAB : phpCollab 2.5
		WORDPRESS : Live Wire Edition 2.3
		JOOMLA : Joomla 1.6
		1024CMS : 1024cms Admin Control Panel 1.1
		SONEXIS : Sonexis ConferenceManager 9.2
		SONEXIS : Sonexis ConferenceManager 9.3
CVE:		CVE-2011-2748 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.)

Оригинальный текст		robkraus_(at)_solutionary.com, Sonexis ConferenceManager SQL Injection (11.04.2011)
		robkraus_(at)_solutionary.com, Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities (11.04.2011)
		Hanno Bock, phplist: cross site request forgery (CSRF), CVE-2011-0748 (11.04.2011)
		by_argos_(at)_hotmail.com, XSS Vulnerabilities in 1024cms Admin Control Panel v1.1.0 Beta (11.04.2011)
		by_argos_(at)_hotmail.com, LFI Vulnerability in 024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package) (11.04.2011)
		by_argos_(at)_hotmail.com, Directory Traversal Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package) (11.04.2011)
		by_argos_(at)_hotmail.com, XSS Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package) (11.04.2011)
		by_argos_(at)_hotmail.com, LFI Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package) (11.04.2011)
		eidelweiss_(at)_windowslive.com, joomlacontenteditor (com_jce) BLIND sql injection vulnerability (11.04.2011)
		High-Tech Bridge Security Research, HTB22915: Path disclosure in Joomla (11.04.2011)
		High-Tech Bridge Security Research, HTB22921: SQL Injection in Viscacha (11.04.2011)
		High-Tech Bridge Security Research, HTB22919: Multiple XSS in Viscacha (11.04.2011)
		High-Tech Bridge Security Research, HTB22920: Path disclosure in Viscacha (11.04.2011)
		High-Tech Bridge Security Research, HTB22918: Path disclosure in phpCollab (11.04.2011)
		High-Tech Bridge Security Research, HTB22917: XSS vulnerabilities in phpCollab (11.04.2011)
		High-Tech Bridge Security Research, HTB22916: XSRF (CSRF) in phpCollab (11.04.2011)
		MustLive, Уязвимости в теме Live Wire Edition для WordPress (11.04.2011)