Affected products:
  PHPMYADMIN : phpMyAdmin 2.11
  PHPMYADMIN : phpMyAdmin 3.3
  TYPO3 : typo3 4.3
  BTNET : BugTracker.NET 3.4
  WEBMATIC : Webmatic 3.0
CVE:
  CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.)
  CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.)
Original text:
  High-Tech Bridge Security Research, XSS vulnerability in CompuCMS (30.08.2010)
  High-Tech Bridge Security Research, XSS vulnerability in Webmatic (30.08.2010)
  High-Tech Bridge Security Research, XSS vulnerability in Auto CMS (30.08.2010)
  High-Tech Bridge Security Research, XSS vulnerability in Webmatic (30.08.2010)
  High-Tech Bridge Security Research, SQL injection vulnerability in TCMS (30.08.2010)
  High-Tech Bridge Security Research, XSS vulnerability in TCMS (30.08.2010)
  High-Tech Bridge Security Research, SQL injection vulnerability in TCMS (30.08.2010)
  High-Tech Bridge Security Research, Local File Inclusion in TCMS (30.08.2010)
  High-Tech Bridge Security Research, SQL injection vulnerability in CompuCMS (30.08.2010)
  High-Tech Bridge Security Research, SQL injection vulnerability in CompuCMS (30.08.2010)
  High-Tech Bridge Security Research, XSS vulnerability in CompuCMS (30.08.2010)
  High-Tech Bridge Security Research, XSS vulnerability in CompuCMS (30.08.2010)
  High-Tech Bridge Security Research, XSRF (CSRF) in Webmatic (30.08.2010)
  High-Tech Bridge Security Research, SQL injection vulnerability in TCMS (30.08.2010)
  High-Tech Bridge Security Research, SQL injection vulnerability in TCMS (30.08.2010)
  High-Tech Bridge Security Research, SQL injection vulnerability in TCMS (30.08.2010)
  High-Tech Bridge Security Research, File Content Disclosure in TCMS (30.08.2010)
  High-Tech Bridge Security Research, SQL injection vulnerability in CompuCMS (30.08.2010)
  High-Tech Bridge Security Research, XSS vulnerability in TCMS (30.08.2010)
  High-Tech Bridge Security Research, SQL injection vulnerability in CompuCMS (30.08.2010)
  Mark van Tilburg, BugTracker.net 3.4.3 SQL Injection (30.08.2010)
  DEBIAN, [SECURITY] [DSA 2097-1] New phpmyadmin packages fix several vulnerabilities (30.08.2010)
  DEBIAN, [SECURITY] [DSA 2098-1] New typo3-src packages fix several vulnerabilities (30.08.2010)

Affected products:
  KDE : KDE 4.4
  KDE : KDE 4.2
CVE:
  CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.)

CVE:
  CVE-2010-3000 (Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.)
  CVE-2010-2996 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.)

Affected products:
  CISCO : Unified Communications Manager 6.1
  CISCO : Unified Communications Manager 7.1
  CISCO : Unified Communications Manager 8.0
  CISCO : Unified Presence 6.0
  CISCO : Unified Presence 7.0
CVE:
  CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.)
  CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.)
  CVE-2010-2838 (The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.)
  CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.)
  CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.)
  CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.)