Information security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 27 August 2011
Source:
SecurityVulns ID: 11878
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: LEDGERSMB : LedgerSMB 1.2
 SQLLEDGER : SQL-Ledger 2.8
 JCOW : Jcow 4.2
 JCOW : Jcow 5.2
 CONCRETE5 : Concrete CMS 5.4
 GLPI : GLPI 0.80
 APACHE : Wicket 1.4
Original text: chris.travers_(at)_gmail.com, Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower (27.08.2011)
 APACHE, [CVE-2011-2712] Apache Wicket XSS vulnerability (27.08.2011)
 Chris Travers, SQL-Ledger patch update for SQL injection (27.08.2011)
 noreply_(at)_ptsecurity.ru, JagoanStore CMS Arbitary file upload vulnerability (27.08.2011)
 noreply_(at)_ptsecurity.ru, [PT-2011-23] Database information disclosure in GLPI (27.08.2011)
 YGN Ethical Hacker Group, [PT-2011-23] Database information disclosure in GLPI (27.08.2011)
 YGN Ethical Hacker Group, ValtNet (photogallery.html?id_categoria) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, CreatiWeb Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Alfazeta (list-prodotti.php?idcategoria) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Dataminas (noticias.php?categoria_id) (galeria.php?galeria (27.08.2011)
 YGN Ethical Hacker Group, Dataminas (noticias.php?categoria_id) (galeria.php?galeria_id) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Nafis Group (review.php?ID) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Nativedreams (Fabarth_gallery.php?categoria_id) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Data Center Foz (product_cat.php?CATEGORIA_ID) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, LAB GRAPHIC DESIGN (index.php?categoria_id) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, B-Keen communication (dettaglio_news.php&id) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, BUZLAB (prodotti.php?idCategoria) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Web Progetto (prodotti.php?idcategoria) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Spherica Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Marinet Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Marinet Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, TconZERO (prodotto.php?idprodotto) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Web Art Studio (prodotto.php?lang) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability (27.08.2011)
 YGN Ethical Hacker Group, Concrete CMS 5.4.1.1 <= Cross Site Scripting (27.08.2011)
 YGN Ethical Hacker Group, Jcow CMS 4.2 <= | Cross Site Scripting (27.08.2011)
 YGN Ethical Hacker Group, Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution (27.08.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod