Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: September 20, 2011
Source:
SecurityVulns ID: 11912
Type: remote
Severity level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: EZ : eZ Flash Tag Cloud 1.0
 SIT : Support Incident Tracker 3.64
 MANAGEENGINE : ServiceDesk Plus 8.0
 NORTEL : Nortel Contact Recording Centralized Archive 6.5
CVE: CVE-2011-1510 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.)
 CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.)
Original text: rgod, Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service (20.09.2011)
 Alexandr Polyakov, [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability (by ERPScan) (20.09.2011)
 Alexandr Polyakov, [DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose (by ERPScan) (20.09.2011)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus (20.09.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in SiT! Support Incident Tracker (20.09.2011)
 MustLive, Update: Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron (20.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod