Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 1 May 2012
Source:
SecurityVulns ID: 12352
Type: remote
Severity level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: SPIP : spip 2.1
 DIRECTADMIN : DirectAdmin 1.403
 WORDPRESS : Organizer 1.2
 PIWIGO : Piwigo 2.3
 PHPVOLUNTEER : PHP Volunteer Management 1.0
 OPIAL : Opial CMS 2.0
 C4BXPHONE : UC Web 4.1
 PRITLOG : Pritlog 0.821
 WEBSENSE : Triton 7.6
 CARPORTAL : Car Portal CMS 3.0
 ACTI : ACTi Web Configurator 3.0
 MYSQLDUMPER : MySQLDumper 1.24
CVE: CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.)
 CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.)
Original text: chin4b0y, mysqldumper1.24.4_LFI_XSS_CSRF_PHPEXEC_TRAVERSAL_INFO_DISCLOS (01.05.2012)
 MustLive, IA, CSRF and FPD vulnerabilities in Organizer for WordPress (01.05.2012)
 DEBIAN, [SECURITY] [DSA 2461-1] spip security update (01.05.2012)
 Vulnerability Lab, DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities (01.05.2012)
 Vulnerability Lab, Car Portal CMS v3.0 - Multiple Web Vulnerabilities (01.05.2012)
 Vulnerability Lab, C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability (01.05.2012)
 Vulnerability Lab, DIY CMS v1.0 Poll - Multiple Web Vulnerabilities (01.05.2012)
 Thomas Richards, PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities (01.05.2012)
 [email protected], NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI (01.05.2012)
 [email protected], NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM (01.05.2012)
 [email protected], NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI (01.05.2012)
 [email protected], NGS00137 Technical Advisory: Websense Triton 7.6 - reflected XSS in report management UI (01.05.2012)
 Amir_(at)_irist.ir, Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities (01.05.2012)
 Vulnerability Lab, Pritlog v0.821 CMS - Multiple Web Vulnerabilities (01.05.2012)
 Vulnerability Lab, Opial CMS v2.0 - Multiple Web Vulnerabilities (01.05.2012)
 ariosrandy_(at)_gmail.com, PHP Volunteer Management (get_messages.php) SQL Injection Vulnerabilities (01.05.2012)

© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород