Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 06.10.2009
Source:
SecurityVulns ID: 10292
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: OPENX : OpenX 2.6
 OPENX : OpenX 2.8
 HYPERIC : Hyperic HQ 3.2
 SPRINGSOURCE : Hyperic HQ 4.0
 SPRINGSOURCE : Hyperic HQ 4.1
 PBBOARD : PBBoard 2.0
CVE: CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.)
 CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. NOTE: some of these details are obtained from third party information.)
Original document: admin_(at)_sec-area.com, [Sec-Area Advisory]PBBoard <=2.0.2 - XSS in Topic (06.10.2009)
 admin_(at)_sec-area.com, [Advisory]PBBoard <=2.0.2 Full Path Disclosure (06.10.2009)
 palmprehacker_(at)_gmail.com, Palm Pre WebOS <=1.1 Remote File Access Vulnerability (06.10.2009)
 MustLive, New vulnerabilities in OpenX (06.10.2009)
 SpringSource Security Team, CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list (06.10.2009)
 SpringSource Security Team, CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace (06.10.2009)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0812-Hyperic HQ Multiple XSS (06.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod