Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 9 July 2012
Source:
SecurityVulns ID: 12460
Type: remote
Severity level:
5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: BACKUPPC : BackupPC 3.2
 NAGIOS : Nagios XI 2011
 VALARSOFT : Webmatic 3.1
 WORDPRESS : Wordpress 3.4
 CLSCRIPT : CLscript CMS 3.0
 GUESTBOOKSCRIPTS : GuestBook Scripts PHP 1.5
 CLASSIFIED : Classified 1.1
 PLOW : plow 0.0
 TIKI : Tiki Wiki 8.3
 BOOKMARK4U : Bookmark4U 2.1
 TEMENOS : TEMENOS T24 7
 APACHE : Roller 4.0
 APACHE : Roller 5.0
 APACHE : SugarCRM CE 6.3
 ZEND : Zend Framework 1.12
 ZEND : Zend Framework 1.11
 ZEND : Zend Framework 2.0
CVE:CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.)
 CVE-2012-2381 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.)
 CVE-2012-2380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.)
 CVE-2012-0911 (TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.)
 CVE-2012-0694
Original text: UBUNTU, [USN-1444-1] BackupPC vulnerability (09.07.2012)
 SEC Consult Vulnerability Lab, SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection (09.07.2012)
 n0b0d13s_(at)_gmail.com, [CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution (09.07.2012)
 Dave, CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability (09.07.2012)
 Dave, CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability (09.07.2012)
 rewterz, REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability (09.07.2012)
 Bugs NotHugs, Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI (09.07.2012)
 m.razavi777_(at)_gmail.com, Basilic RCE bug (09.07.2012)
 [email protected], NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection (09.07.2012)
 [email protected], NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection (09.07.2012)
 [email protected], NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS (09.07.2012)
 Amir_(at)_irist.ir, Wordpress (editormonkey) Arbitrary File Upload Vulnerability (09.07.2012)
 pereira_(at)_secbiz.de, Forum Oxalis 0.1.2 <= SQL Injection Vulnerability (09.07.2012)
 pereira_(at)_secbiz.de, plow 0.0.5 <= Buffer Overflow Vulnerability (09.07.2012)
 Vulnerability Lab, Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities (09.07.2012)
 Vulnerability Lab, Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities (09.07.2012)
 Vulnerability Lab, Event Script PHP v1.1 CMS - Multiple Web Vulnerabilities (09.07.2012)
 Vulnerability Lab, GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities (09.07.2012)
 Vulnerability Lab, CLscript CMS v3.0 - Multiple Web Vulnerabilities (09.07.2012)
 MustLive, Vulnerabilities in LIOOSYS CMS (09.07.2012)
 MustLive, XSS, Redirector and FPD vulnerabilities in WordPress (09.07.2012)
 Black Hat, 7sepehr SQL Injection Vulnerability (09.07.2012)
 High-Tech Bridge Security Research, Blind SQL Injection in Webmatic (09.07.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod