Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 03.04.2009
Source:
SecurityVulns ID: 9793
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MOODLE : Moodle 1.8
 MOODLE : moodle 1.9
 OPENX : OpenX 2.6
 FAMILYCMS : Family Connections 1.8
 ASBRUSOFT : Asbru Web Content Management 6.5
 ASBRUSOFT : Asbru Web Content Management 6.6
 FILETHINGIE : File Thingie 2.5
 OPENX : OpenX 2.7
 Q2SOLUTIONS : ConnX 4.0
CVE: CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.)
Original document: rgod, glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit (03.04.2009)
 Patrick Webster, Q2 Solutions ConnX - SQL Injection Vulnerability (03.04.2009)
 OPENX, [OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities (03.04.2009)
 publists_(at)_enablesecurity.com, OpenX 2.6.4 multiple vulnerabilities (03.04.2009)
 laurent.desaulniers_(at)_gmail.com, OSCommerce Session Fixation Vulnerability (03.04.2009)
 XiaShing_(at)_gmail.com, Remote access vulnerability using File Thingie v2.5.4 (03.04.2009)
 Salvatore "drosophila" Fresta, Family Connections 1.8.2 Arbitrary File Upload (03.04.2009)
 Patrick Webster, Asbru Web Content Management Vulnerabilities (03.04.2009)
 DEBIAN, [SECURITY] [DSA 1761-1] New moodle packages fix file disclosure (03.04.2009)
Files: Family Connections <= 1.8.2 - Remote Shell Upload Exploit
 glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod