Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.03.2009
Source:
SecurityVulns ID: 9736
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHPSlideshow: cross-site scripting. Athree CMS: information leak, SQL injection, DoS.
Affected: WEBSVN : WebSVN 2.1
 ARYANIC : HighPortal 10
 ARYANIC : HighCMS 10
 WEBID : WeBid 0.7
 WORDPRESS : WordPress MU 2.6
 MAHARA : mahara 1.0
 NEXTAPP : NextApp Echo 2.1
 TRELLISDESK : Trellis Desk 1.0
 TIKIWIKI : TikiWiki 2.2
CVE: CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.)
 CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.)
 CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.)
 CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.)
Original document: iliz-z_(at)_yandex.ru, TikiWiki 2.2 XSS Vulnerability in URI (12.03.2009)
 larry_(at)_jlogica.com, Trellis Desk v1.0 XSS Vulnerability (12.03.2009)
 MustLive, Multiple vulnerabilities in Athree CMS (12.03.2009)
 SEC Consult Vulnerability Lab, SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability (12.03.2009)
 sosoblood_(at)_hotmail.com, Sun Java System Communications Express [HTML Injection] (12.03.2009)
 DEBIAN, [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting (12.03.2009)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability (12.03.2009)
 vuln_(at)_e-rdc.org, [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclution Vulnerabilities (12.03.2009)
 mr.faghani_(at)_gmail.com, Aryanic HighCMS and HighPortal multiple Vulnerabilities (12.03.2009)
 GENTOO, [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities (12.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod