Computer Security
[EN] no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.04.2009
SecurityVulns ID:9819
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. VBulletin: crossite scripting
Affected:IMP : IMP 4.1
 PHPREVISTA : Revista 1.1
 VBULLETIN : vBulletin 3.7
 ABKSOFT : AbleSpace 1.0
 PHPAGENDA : PHP-agenda 2.2
 LOGGIX : Loggix Project 9.4
 DF2 : Dynamic Flash Forum 1.0
 VBULLETIN : vbAnonymizer 3.0
CVE:CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.)
 CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.)
Original documentdocumentDSecRG, [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities (14.04.2009)
 documentMustLive, Vulnerability in vbAnonymizer for vBulletin (14.04.2009)
 documentmarianiscc_(at), Re: PHP-Revista Multiple vulnerabilities (14.04.2009)
 documentDEBIAN, [SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting (13.04.2009)
 documentMustLive, Re: Vulnerabilities in vBulletin (13.04.2009)
 documentSalvatore "drosophila" Fresta, Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities (12.04.2009)
 documentSalvatore "drosophila" Fresta, Loggix Project 9.4.5 Blind SQL Injection (12.04.2009)
 documentSalvatore "drosophila" Fresta, PHP-agenda <= 2.2.5 Remote File Overwriting (12.04.2009)
 documentMustLive, Vulnerabilities in vBulletin (12.04.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod