Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.08.2009
Source:
SecurityVulns ID: 10130
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DISCLOSER : Discloser 0.0
 XAMPP : XAMPP 1.6
 PHPMYADMIN : phpMyAdmin 3.2
 WORDPRESS : Dumb math captcha 1.0
 OPENCMS : OpenCMS 7.5
 SLIDESHOWPRO : SlideShowPro Director 1.3
 CSCART : CS-Cart 2.0
CVE: CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.)
 CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.)
Original document: Salvatore "drosophila" Fresta, Discloser 0.0.4-rc2 SQL Injection Vulnerability (09.08.2009)
 Bonsai - Information Security, [BONSAI] SQL Injection in CS-Cart (09.08.2009)
 MANDRIVA, [ MDVSA-2009:192 ] phpmyadmin (09.08.2009)
 Scott Miles, [CSS09-01] SlideShowPro Director File Disclosure Vulnerability (09.08.2009)
 katie.french_(at)_cgifederal.com, OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error (09.08.2009)
 MustLive, CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP (09.08.2009)
 MustLive, Vulnerabilities in Dumb math captcha for WordPress (09.08.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod