Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		28.09.2009
Source:
SecurityVulns ID:		10271
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		HORDE : Horde 3.2
		CKEDITOR : CKEditor 3.0
		1C : Bitrix WAF 8.0
		1C : Bitrix 8.0
		UMICMS : UMI CMS 2.7
		HORDE : Horde 3.3
CVE:		CVE-2009-3236 (Unspecified vulnerability in the form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files via crafted "image form fields.")

Original document		DEBIAN, [SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution (28.09.2009)
		ONSEC, [ONSEC-09-010] Undersky CMS SQL injection (28.09.2009)
		ONSEC, [ONSEC-09-017] Blogolet PHP including (28.09.2009)
		ONSEC, [ONSEC-09-016] Blogolet XSS (28.09.2009)
		ONSEC, [ONSEC-09-012] UMI.CMS Hash based Captcha (28.09.2009)
		ONSEC, [ONSEC-09-011] UMI.CMS Multiple XSS (28.09.2009)
		ONSEC, [ONSEC-09-013] 1C Bitrix 8.0.5 Admin Console XSS (28.09.2009)
		ONSEC, [ONSEC-09-014] 1C Bitrix WAF multiple XSS (28.09.2009)
		MustLive, XSS and Content Spoofing vulnerabilities in CKEditor (28.09.2009)

Discuss:

Read or add your comments to this news (0 comments)