Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.08.2009
Source:
SecurityVulns ID: 10130
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: DISCLOSER : Discloser 0.0
XAMPP : XAMPP 1.6
PHPMYADMIN : phpMyAdmin 3.2
WORDPRESS : Dumb math captcha 1.0
OPENCMS : OpenCMS 7.5
SLIDESHOWPRO : SlideShowPro Director 1.3
CSCART : CS-Cart 2.0
CVE: CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.)
CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.)

Original document Salvatore "drosophila" Fresta, Discloser 0.0.4-rc2 SQL Injection Vulnerability (09.08.2009)

Bonsai - Information Security, [BONSAI] SQL Injection in CS-Cart (09.08.2009)

MANDRIVA, [ MDVSA-2009:192 ] phpmyadmin (09.08.2009)

Scott Miles, [CSS09-01] SlideShowPro Director File Disclosure Vulnerability (09.08.2009)

document katie.french_(at)_cgifederal.com, OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error (09.08.2009)

MustLive, CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP (09.08.2009)

MustLive, Vulnerabilities in Dumb math captcha for WordPress (09.08.2009)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server