Computer Security

Forum
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.03.2010
Published:15.03.2010
Source:
SecurityVulns ID:10690
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:EGROUPWARE : Egroupware 1.4
 PHPFUSION : PHP-Fusion 6.01
 DRUPAL : Drupal 6.6
 PHPMYADMIN : phpMyAdmin 3.3
 PHPFUSION : PHP-Fusion 7.0
 CLANPORTAL : Clanportal 1.5
 DESKTOPONNET : DesktopOnNet 3
 DIRECTADMIN : DirectAdmin 1.35
 MOINMOIN : moinmoin 1.9
 ANANTASOFT : Ananta Gazelle 1.0
CVE:CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.)
 CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.)
 CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.)
Original documentdocumentfaghani_(at)_nsec.ir, Pars CMS SQL Injection Vulnerability (15.03.2010)
 documentfaghani_(at)_nsec.ir, Zigurrat CMS SQL Injection Vulnerability (15.03.2010)
 documentadmin_(at)_bugreport.ir, Ananta Gazelle SQL Injection Vulnerability (15.03.2010)
 documentDEBIAN, [SECURITY] [DSA 2016-1] New drupal6 packages fix several vulnerabilities (15.03.2010)
 documentDEBIAN, [XSS] I found a xss in phpmyadmin 3.3.0 when we create new database in interface! (15.03.2010)
 documentDEBIAN, [SECURITY] [DSA 2013-1] New egroupware packages fix several vulnerabilities (15.03.2010)
 documentDEBIAN, [SECURITY] [DSA 2014-1] New moin packages fix several vulnerabilities (15.03.2010)
 documentInj3ct0r.com, DirectAdmin <= v1.35.1 XSS vuln. (15.03.2010)
 documentInj3ct0r.com, deV!L`z Clanportal 1.5.2 Remote File Include Vulnerability (15.03.2010)
 documentInj3ct0r.com, DesktopOnNet 3 Beta9 Local File Include Vulnerability (15.03.2010)
 documentInj3ct0r.com, PHP-Fusion-AP-7.00.2-Rus (search.php) disclosure ways (15.03.2010)
 documentInj3ct0r.com, PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability (15.03.2010)
 documentInj3ct0r.com, PHP-fusion-6-01-18 (members.php) disclosure ways (15.03.2010)
 documentMustLive, Vulnerabilities in VXDate for Joomla (15.03.2010)
Discuss:Read or add your comments to this news (0 comments)

Show Threads
Messages
 
Login:* (Register)
Password:*
(private) To:
(reply) Subject:*
Text:

Main Forum (Eng)

General security questions not appropriate for another forums. 		3proxy Forum (Eng)

All 3proxy question must be posted to this forum. 		Bugs, Vulnerabilities, PoCs and Exploits (Eng)

All vulnerability related questions, vulnerability digging and exploit creation. 		Windows programming and administration (Eng)

Administering Windows and application development. 		Unix programming and administation (Eng)

Administering Unix and application development. 		Test forum

Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)
 3proxy Forum (Rus)
 Bugs, Vulnerabilities, PoCs and Exploits (Rus)
 Windows programming and administration (Rus)
 Unix programming and administation (Rus)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server