Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 10.12.2008
Published: 14.12.2008
Source:
SecurityVulns ID: 9502
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. EZ Publish: privilege escalation from user to CMS Administrator, and privilege escalation from CMS Administrator to system user.
Affected: EZ : ez publish 3.10
 EZ : ez publish 4.0
 PRESTASHOP : PrestaShop 1.1
 PHPEPPERSHOP : PHPepperShop 1.4
 XOOPS : XOOPS 2.3
Original document: S4aVRd0w, Exploit for the EZSA-2008-003 vulnerability with account activation (14.12.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x (10.12.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x (10.12.2008)
 th3.r00k_(at)_gmail.com, XSS in PHPepperShop v 1.4 (10.12.2008)
 th3.r00k_(at)_gmail.com, Two XSS Flaws in PrestaShop 1.1.0.3 (10.12.2008)
 r3d.w0rm_(at)_yahoo.com, Joomla Component mydyngallery (10.12.2008)
 S4aVRd0w, Exploit for the EZSA-2008-003 vulnerability (10.12.2008)
Files: eZ Publish privilege escalation exploit by s4avrd0w
 eZ Publish OS Commanding executing exploit by s4avrd0w
 EZ publish exploit with admin account activation

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod