Information security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 27 November 2011
Source:
SecurityVulns ID: 12054
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: WORDPRESS : WordPress 2.6
 WORDPRESS : WordPress 3.1
 SPIP : spip 2.1
 SIMPLEPRESS : Simple:Press Forum 4.4
 DOLIBARR : Dolibarr 3.1
 FLVPLAYER : flvPlayer 1.0
 TINYMCE : TinyMCE 3.4
 ROUNDCUBE : RoundCube 0.6
 KAJIANWEBSITE : CMS Balitbang 3.0
 ITOP : iTop 1.1
 PMWIKI : PmWiki 2.2
 WORDPRESS : meenews 5.1
 BLOGSMANAGER : Blogs manager 1.101
 VALIDERP : Valid tiny-erp 1.6
 FREELANCERCAL : Freelancer calendar 1.01
 SITRACKER : Support Incident Tracker 3.65
CVE:CVE-2011-4275 (Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.)
Original text: DEBIAN, [SECURITY] [DSA 2349-1] spip security update (27.11.2011)
 n0b0d13s_(at)_gmail.com, Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability (27.11.2011)
 muuratsalo experimental hack lab, Freelancer calendar <= 1.01 SQL Injection Vulnerability (27.11.2011)
 muuratsalo experimental hack lab, Valid tiny-erp <= 1.6 SQL Injection Vulnerability (27.11.2011)
 muuratsalo experimental hack lab, Blogs manager <= 1.101 SQL Injection Vulnerability (27.11.2011)
 Amir_(at)_irist.ir, wordpress Lanoba Social Plugin Xss Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress advanced-text-widget Plugin Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress adminimize Plugin Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Scripting Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress enable-latex plugin Remote File Include Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities (27.11.2011)
 n0b0d13s_(at)_gmail.com, PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability (27.11.2011)
 Tobias Glemser, TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 (27.11.2011)
 Steevee a.k.a Stefanus, AdaptCMS 2.x SQL Injection Vulnerability (27.11.2011)
 Steevee a.k.a Stefanus, CMS Balitbang 3.x SQL Injection Vulnerability (27.11.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Dolibarr (27.11.2011)
 mr xadal, icomex cms (Content Management Solutions) sql injection vulnerability (27.11.2011)
 MustLive, Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications (27.11.2011)
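As an added illustration of three of the vulnerability classes this summary lists (SQL injection, cross-site scripting and directory traversal), the PHP below shows each one as the unsafe pattern beside its hardened form. This is example code written for this page, not code from SecurityVulns or from any of the affected projects; the posts table, the upload directory, the parameter values and the pdo_sqlite-backed demonstration at the bottom are assumptions made for the example.

```php
<?php
// Added example (not from SecurityVulns or any listed project): unsafe and
// hardened versions of SQL injection, XSS and directory traversal patterns.
// Table/column names, the upload directory and inputs are assumptions.
declare(strict_types=1);

// --- SQL injection -------------------------------------------------------
// Unsafe: the parameter is concatenated into the statement text, so an
// input such as "1 OR 1=1" changes the query instead of being a value.
function findPostUnsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, title FROM posts WHERE id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: a prepared statement keeps the value out of the query text,
// and the digit check rejects anything that is not a plain integer id.
function findPostSafe(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Cross-site scripting -------------------------------------------------
// Unsafe: the request parameter is echoed into HTML unchanged, so a value
// containing <script> runs in the visitor's browser.
function renderSearchUnsafe(string $q): string
{
    return '<p>Results for ' . $q . '</p>';
}

// Hardened: encode for the HTML text context before output; ENT_QUOTES also
// makes the result safe inside single- or double-quoted attribute values.
function renderSearchSafe(string $q): string
{
    return '<p>Results for ' . htmlspecialchars($q, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// --- Directory traversal ---------------------------------------------------
// Unsafe: "../" sequences in the file name walk out of the intended directory.
function readUploadUnsafe(string $dir, string $file): string|false
{
    return file_get_contents($dir . '/' . $file);
}

// Hardened: resolve both paths and require the file to sit below $dir.
function readUploadSafe(string $dir, string $file): string|false
{
    $base = realpath($dir);
    $path = realpath($dir . '/' . $file);
    if ($base === false || $path === false) {
        return false; // directory missing, or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false; // resolved path left the upload directory
    }
    return file_get_contents($path);
}

// Demonstration against an in-memory SQLite database (needs pdo_sqlite) and
// a freshly created temp directory; both are constructed here for the example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (title) VALUES ('first'), ('second'), ('third')");

$payload = '1 OR 1=1';
echo count(findPostUnsafe($db, $payload)), " rows from the unsafe query\n";
echo count(findPostSafe($db, $payload)), " rows from the hardened query\n";

$xss = '<script>alert(1)</script>';
echo renderSearchUnsafe($xss), "\n";
echo renderSearchSafe($xss), "\n";

$dir = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/note.txt', "hello\n");
var_dump(readUploadSafe($dir, 'note.txt'));
var_dump(readUploadSafe($dir, '../../etc/hostname'));
```

Run it with `php example.php` on PHP 8.0 or later (the `string|false` return types need PHP 8). The unsafe query returns every row for the `1 OR 1=1` input while the prepared-statement version returns none, the encoded search string shows the `<script>` tag as literal text, and the traversal attempt is refused by the `realpath` prefix check regardless of whether the target file exists.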

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod