Information Security

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 2 May 2011
SecurityVulns ID: 11635
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: PHPGRAPHY : phpGraphy 0.9
 BACKUPPC : BackupPC 3.1
 MYBB : Mybb 1.6
 TIMTHUMB : TimThumb 1.24
 WORDPRESS : Daily Maui Photo Widget 0.2
 WORDPRESS : WP Photo Album 1.5
 BACKUPPC : BackupPC 3.2
 SAP : SAP Enterprise Portal 7.31
 INVENTIVE : MediaCast 8
 LANSA : LANSA aXes V1R3M5
 SPIP : spip 2.1
CVE: CVE-2011-1158 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.)
 CVE-2011-1157 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.)
 CVE-2011-1156 (feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.)
 CVE-2010-0216 (authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.)
 CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.)
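The feedparser entries above (CVE-2011-1158 in particular) come down to one check a feed consumer must make before it turns a feed link into a clickable anchor: the URI scheme. A link of `javascript:alert(1)` that reaches the browser untouched runs script in the reader's origin. The block below is an added example, not code from the original page or from the feedparser project, showing a consumer-side allowlist check. It goes beyond the bare `javascript:` case in the advisory by normalizing the way browsers do (leading spaces and C0 control characters are stripped, ASCII tab, LF and CR are dropped anywhere, the scheme is compared case-insensitively), so `" java\tscript:"` and `"JAVASCRIPT:"` are caught too. The allowlist, the sample entry and its feedparser-like `link`/`links` shape are assumptions made for the example.

```python
import re

# Assumption: a conservative scheme allowlist for links rendered to users.
# Extend it deliberately; do not try to blocklist javascript:, data:, vbscript: etc.
SAFE_SCHEMES = frozenset({"http", "https", "mailto", "ftp"})

# Browsers remove leading C0 controls and spaces from a URL and drop ASCII
# tab/newline anywhere in it, so a scheme check must normalize the same way
# or "  java\tscript:alert(1)" slips past a naive startswith("javascript:").
_LEADING_JUNK = re.compile(r"^[\x00-\x20]+")
_TAB_NL = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")


def normalize_url(url: str) -> str:
    """Apply the browser's pre-parse normalization so the scheme check sees what the browser sees."""
    url = _LEADING_JUNK.sub("", url)
    return _TAB_NL.sub("", url)


def url_scheme(url: str):
    """Return the lowercased scheme of a URL, or None for a scheme-less (relative) URL."""
    m = _SCHEME.match(normalize_url(url))
    return m.group(1).lower() if m else None


def is_safe_url(url: str) -> bool:
    """True if the URL is relative or uses an allowlisted scheme."""
    scheme = url_scheme(url)
    if scheme is None:
        return True  # relative reference, resolved against the feed's base URL
    return scheme in SAFE_SCHEMES


def sanitize_entry_links(entry: dict) -> dict:
    """Return a copy of a feed entry with every unsafe link value removed.

    Assumption: the entry carries a top-level "link" string and a "links"
    list of {"rel": ..., "href": ...} dicts, the shape feed parsers commonly use.
    """
    clean = dict(entry)
    if "link" in clean and not is_safe_url(clean["link"]):
        del clean["link"]
    if "links" in clean:
        clean["links"] = [l for l in clean["links"] if is_safe_url(l.get("href", ""))]
    return clean


# Constructed sample entry standing in for a hostile feed item.
SAMPLE_ENTRY = {
    "title": "Hostile item",
    "link": " \x01java\tscript:alert(document.cookie)",
    "links": [
        {"rel": "alternate", "href": "JavaScript:alert(1)"},
        {"rel": "enclosure", "href": "https://example.com/episode.mp3"},
        {"rel": "related", "href": "/relative/page"},
        {"rel": "related", "href": "data:text/html,<script>alert(1)</script>"},
    ],
}


def sanitized_sample() -> dict:
    return sanitize_entry_links(SAMPLE_ENTRY)


if __name__ == "__main__":
    print(sanitized_sample())
```

Rendering code should then only ever build anchors from `entry["link"]` / `entry["links"]` after this pass, and still HTML-escape the href attribute value; scheme filtering and output encoding are separate defences, and the CDATA and XML-comment entries in the same CVE list are reminders that the markup side needs its own sanitizer.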
Original texts: MANDRIVA, [ MDVSA-2011:082 ] python-feedparser (02.05.2011)
 DEBIAN, [SECURITY] [DSA 2229-1] spip security update (02.05.2011)
 Patrick Webster, OSI Security: LANSA aXes Web Terminal (TN5250) Cross-Site Scripting Vulnerability (02.05.2011)
 Daniel Clemens, CVE-2010-0216 MediaCast Password Dump Vulnerability (02.05.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-005] SAP Enterprise Portal Path Disclosure (02.05.2011)
 MustLive, HTB22965: Multiple XSS vulnerabilities in BackupPC (02.05.2011)
 MustLive, HTB22961: XSS in WP Photo Album wordpress plugin (02.05.2011)
 MustLive, HTB22960: XSS in Daily Maui Photo Widget wordpress plugin (02.05.2011)
 MustLive, HTB22959: CSRF (Cross-Site Request Forgery) in phpGraphy (02.05.2011)
 MustLive, HTB22958: XSS in phpGraphy (02.05.2011)
 MustLive, XSS, Redirector and IAA vulnerabilities in MyBB (02.05.2011)
 MustLive, Vulnerabilities in the Magazeen theme for WordPress and Dotclear (02.05.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod