Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: September 26, 2011
Source:
SecurityVulns ID: 11920
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: PUNBB : PunBB 1.3
 S9Y : Serendipity 1.5
 FREEHELPDESK : Help Desk Software 1.1
 AWSTATS : AWStats 6.0
 AWSTATS : AWStats 7.0
 TWIKI : TWiki 5.1
 SECUREURL : secureURL 2.0
 ANELECTRON : Advanced Electron Forums 1.0
 FLYNAX : General Classifieds Software 3.2
 FLYNAX : Auto Classifieds Script 3.2
 FLYNAX : Real Estate Classifieds 3.2
 FLYNAX : Pets Classifieds Software 3.2
 ADAPTCMS : AdaptCMS 2.0
 ICEWARP : IceWarp Mail Server 10.3
CVE: CVE-2011-3645 (Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.)
 CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.)
 CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.)
Original text: Trustwave Advisories, TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server (26.09.2011)
 Amir_(at)_irist.ir, PunBB 1.3.6 bug (26.09.2011)
 sschurtz_(at)_t-online.de, Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability (26.09.2011)
 sschurtz_(at)_t-online.de, AdaptCMS 2.0.1 Multiple security vulnerabilities (26.09.2011)
 Nasel Pentest, Vulnerability found in Flynax Classifieds products (26.09.2011)
 Sohil Garg, [CVE-2011-3645] Multiple vulnerability in "Omnidocs" (26.09.2011)
 YGN Ethical Hacker Group, Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability (26.09.2011)
 Netsparker Advisories, XSS Vulnerabilities in TWiki < 5.1.0 (26.09.2011)
 MustLive, Multiple vulnerabilities in AWStats (26.09.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Help Desk Software (26.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod