Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:12.01.2008
Source:
SecurityVulns ID:8557
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MTCMS : MTCMS 2.0
 MOODLE : Moodle 1.8
CVE:CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.)
Original documentdocumentrlavertu, [Full-disclosure] ID-Commerce Security Advisory - SLR-2007-001 (12.01.2008)
 documentHanno Bock, [Full-disclosure] Cross site scripting (XSS) in Moodle 1.8.3 (12.01.2008)
 documentmorin.josh_(at)_gmail.com, Naymz multiple XSS (12.01.2008)
 documentship_nx_(at)_yahoo.com, Member Area System (MAS) Remote File Include Vulnerability (view_func.php) (12.01.2008)
 documentdb_(at)_rawsecurity.org, ImageAlbum Remote SQL Injection Vulnerabilities (12.01.2008)
 documenthadihadi_zedehal_2006_(at)_yahoo.com, MTCMS <=2.0 SQL Injection Vulnerbility (12.01.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod