Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 1 August 2011
Source:
SecurityVulns ID: 11819
Type: remote
Danger level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: PYFORUM : PyForum 1.0
 PHPMYADMIN : phpMyAdmin 3.4
 HP : HP Network Automation 9.10
 PHPJUNKYARD : GBook PHP guestbook 1.7
 PHPJUNKYARD : MBoard 1.3
 ELGG : Elgg 1.7
 SITECORE : Sitecore CMS 6.4
 SAMBA : swat 3.5
 HP : Sitescope 10.14
 HP : SiteScope 11.10
CVE: CVE-2011-2694 (Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).)
 CVE-2011-2642 (Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.)
 CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.)
 CVE-2011-2403 (SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2011-2402 (Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-2401 (Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors.)
 CVE-2011-2400 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
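CVE-2011-2401 above names the class (session fixation) but not the vector, so the following is a generic illustration of that class, added here and not taken from HP SiteScope or any advisory on this page. It models a login handler that honours a session id the client arrived with, beside one that issues a fresh id at the authentication boundary. The SessionStore class, the fixation_attack() driver and the USERS credential table are constructed for this example.

```python
import secrets

# Constructed credential store for the example; not any listed product's data.
USERS = {"admin": "correct horse battery"}


class SessionStore:
    """Minimal server-side session table: sid -> {"user": name or None}."""

    def __init__(self):
        self._sessions = {}

    def touch(self, sid):
        # Creates a record for whatever sid the client presented. Accepting a
        # never-issued, client-chosen sid is the precondition for fixation.
        if sid is None:
            sid = secrets.token_urlsafe(32)
        self._sessions.setdefault(sid, {"user": None})
        return sid

    def user_of(self, sid):
        rec = self._sessions.get(sid)
        return rec["user"] if rec else None

    def login_fixable(self, sid, username, password):
        """Vulnerable: authenticates whatever session the client arrived with."""
        sid = self.touch(sid)
        if USERS.get(username) == password:
            self._sessions[sid]["user"] = username
        return sid

    def login_hardened(self, sid, username, password):
        """Fixed: a successful login discards the presented sid and issues a new one,
        so an id the attacker knew before login is worthless after it."""
        sid = self.touch(sid)
        if USERS.get(username) != password:
            return sid
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": username}
        return new_sid


def fixation_attack(login_method):
    """Plays the attack end to end: the attacker fixes a sid on the victim (crafted
    link, cookie injection), the victim logs in carrying it, the attacker replays it."""
    store = SessionStore()
    planted = "sid-chosen-by-attacker"
    login = getattr(store, login_method)
    victim_sid = login(planted, "admin", USERS["admin"])  # victim's browser sends the planted cookie
    return {
        "attacker_sees": store.user_of(planted),  # identity bound to the attacker's copy of the sid
        "victim_sees": store.user_of(victim_sid),
        "sid_rotated": victim_sid != planted,
    }


if __name__ == "__main__":
    print("fixable :", fixation_attack("login_fixable"))
    print("hardened:", fixation_attack("login_hardened"))
```

With login_fixable the planted id ends up authenticated as admin for both parties; with login_hardened the planted id stays anonymous and only the freshly issued id carries the login. Rotating the id on every privilege change, and refusing ids the server never issued, are the two checks a reviewer looks for when an advisory reports fixation.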
Original text: HP, [security bulletin] HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack (01.08.2011)
 MANDRIVA, [ MDVSA-2011:121 ] samba (01.08.2011)
 DEBIAN, [SECURITY] [DSA 2286-1] phpmyadmin security update (01.08.2011)
 Tom Neaves, Sitecore CMS 6.4 Open URL Redirect Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Agent Image (news_details.php?news_ID) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, G2webCMS (products.php?cat_id) (member-profile.php?profile) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, iCube Lab (product_details.php?cat_id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Solutiontech (product.php?cat_id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Chrome Web Solutions (details.php?cat_id) (listing_more.php?id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Dow Group (dynamic.php?id) (sub.php?solutioncat_id) (news_desc.php?id) (product.php?id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, FootBall Cms (view_table_lig.php?group) XSS Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Coherendz (products.php?cat_id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, WOC Consulting (search_result.php?cid) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Canoy Softwares (search_result.php?loc_id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Zones Web Solution (StoneDetails.php?stone) XSS Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Zones Web Solution (status.asp?print) (search_result.php?loc_id) Remote SQL injection Vulnerabilities (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Web Fusion Nepal (tour.php?category) XSS Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Avon Groups (search_result.php?cid) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Web Fusion Nepal (find.php?id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Infocus Web Solutions (news_desc.php?id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, A1 Solutions (cat_sell.php?cid) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, indiacon (selloffers.php?cid) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, CobraScripts (selloffers.php?cid) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Gopal Systems (products.php?cat_id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, cgcraft llc (info.php?id) (news_item.php?id) Remote SQL injection Vulnerability (01.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Vegetav (news_item.php?id) Remote SQL injection Vulnerability (01.08.2011)
 YGN Ethical Hacker Group, Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities (01.08.2011)
 High-Tech Bridge Security Research, Redirection vulnerability in MBoard (01.08.2011)
 High-Tech Bridge Security Research, Multiple XSS in GBook PHP guestbook (01.08.2011)
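Most of the reports in the list above share one shape: a numeric GET parameter (cat_id, id, cid, loc_id) concatenated straight into a query. The following is an added example, not code from any of the listed sites or advisories; it reproduces that PHP pattern in Python against an in-memory SQLite database so it runs offline, and contrasts it with the bound-parameter form. The products/users tables, their rows, and the products_vulnerable/products_fixed/run_demo names are constructed for this example.

```python
import re
import sqlite3


def build_db():
    """Constructed sample schema for the example (not any listed vendor's data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products(id INTEGER PRIMARY KEY, cat_id INTEGER, name TEXT);
        INSERT INTO products(cat_id, name) VALUES (1, 'lamp'), (1, 'desk'), (2, 'kettle');
        CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT);
        INSERT INTO users(login, pw_hash) VALUES ('admin', 'constructed-hash');
        """
    )
    return conn


def products_vulnerable(conn, cat_id):
    """Python rendering of the reported PHP pattern:
    mysql_query("SELECT name FROM products WHERE cat_id=" . $_GET['cat_id'])
    The request string becomes part of the SQL text."""
    sql = "SELECT name FROM products WHERE cat_id=" + cat_id
    return [row[0] for row in conn.execute(sql)]


def products_fixed(conn, cat_id):
    """Hardened form: enforce the expected shape, then bind as a parameter.
    Either measure alone would stop these payloads; together they also give
    a clean 4xx on junk instead of a database error."""
    if not re.fullmatch(r"[0-9]{1,9}", cat_id):
        raise ValueError("cat_id must be a small positive integer")
    rows = conn.execute("SELECT name FROM products WHERE cat_id=?", (int(cat_id),))
    return [row[0] for row in rows]


def run_demo():
    """Sends a normal request and two payloads through both handlers."""
    conn = build_db()
    tautology = "1 OR 1=1"                                   # dumps every product
    union = "0 UNION SELECT login||':'||pw_hash FROM users"  # reads another table
    out = {
        "vuln_normal": products_vulnerable(conn, "1"),
        "vuln_tautology": products_vulnerable(conn, tautology),
        "vuln_union": products_vulnerable(conn, union),
        "fixed_normal": products_fixed(conn, "1"),
        "fixed_rejected": [],
    }
    for payload in (tautology, union):
        try:
            products_fixed(conn, payload)
        except ValueError:
            out["fixed_rejected"].append(payload)
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:15s} {value}")
```

The UNION payload is the one that turns a product listing into credential disclosure; it needs only a matching column count, which an attacker finds by trial. In PHP the equivalent of the bound query is a prepared statement through PDO or mysqli with the parameter passed separately from the SQL text; casting with (int) before concatenation is the minimal fix for purely numeric parameters.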

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod