Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 7217
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: JPORTAL : Jportal 2.3
 JOOMLA : Joomla! 1.0
 DOTCLEAR : Dotclear 1.2
 CPANEL : cPanel 11
CVE: CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.)
 CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.)
 CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.)
 CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.)
 CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.)
 CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.)
 CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.)
 CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.)
 CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.)
Original document: crazy_king_(at), Inertia News Remote File İnclude (13.02.2007)
 bl4ck_(at), XSS in eWay (13.02.2007)
 bl4ck_(at), XSS in lighttpd (13.02.2007)
 bl4ck_(at), XSS in communityserver ! (13.02.2007)
 bl4ck_(at), XSS in JBoss Portal (13.02.2007)
 me you, Virtual Calendar <= (pwd.txt) Remote Password Disclosur Vulnerability (13.02.2007)
 claxus_(at), Radical Technologies - Portal Search- multiple XSS issue (13.02.2007)
 dzitu_(at), Jportal 2.3.1 CSRF vulnerability (13.02.2007)
 raphael.huck_(at), DotClear Full Path Disclosure Vulnerability (13.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod