Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

| Published: | 12.03.2009 |
| Source: | |
| SecurityVulns ID: | 9736 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| | PHPSlideshow: cross-site scripting. |
| | Athree CMS: information leak, SQL injection, DoS. |
| Affected: | WEBSVN : WebSVN 2.1 |
| | ARYANIC : HighPortal 10 |
| | ARYANIC : HighCMS 10 |
| | WEBID : WeBid 0.7 |
| | WORDPRESS : WordPress MU 2.6 |
| | MAHARA : mahara 1.0 |
| | NEXTAPP : NextApp Echo 2.1 |
| | TRELLISDESK : Trellis Desk 1.0 |
| | TIKIWIKI : TikiWiki 2.2 |
| CVE: | CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.) |
| | CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.) |
| | CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.) |
| | CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.) |
| Original document | iliz-z_(at)_yandex.ru, TikiWiki 2.2 XSS Vulnerability in URI (12.03.2009) |
| | larry_(at)_jlogica.com, Trellis Desk v1.0 XSS Vulnerability (12.03.2009) |
| | MustLive, Multiple vulnerabilities in Athree CMS (12.03.2009) |
| | Daniel Fabian, SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability (12.03.2009) |
| | sosoblood_(at)_hotmail.com, Sun Java System Communications Express [HTML Injection] (12.03.2009) |
| | DEBIAN, [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting (12.03.2009) |
| | ISecAuditors Security Advisories, [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability (12.03.2009) |
| | vuln_(at)_e-rdc.org, [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclution Vulnerabilities (12.03.2009) |
| | mr.faghani_(at)_gmail.com, Aryanic HighCMS and HighPortal multiple Vulnerabilities (12.03.2009) |
| | GENTOO, [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities (12.03.2009) |