Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		19.01.2010
Source:
SecurityVulns ID:		10534
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		EZCONTENTS : ezContents 2.0
		ROUNDCUBE : Roundcube Webmail 0.2
		ZENOSS : Zenoss 2.3
		XOOPS : Xoops 2.4
CVE:		CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.)
		CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.)

Original document		admin_(at)_bugreport.ir, Blaze Apps Multiple Vulnerabilities (19.01.2010)
		admin_(at)_bugreport.ir, ezContents CMS Multiple Vulnerabilities (19.01.2010)
		MANDRIVA, [ MDVSA-2010:015 ] roundcubemail (19.01.2010)
		CodeScan Labs, Multiple Vulnerabilities in XOOPS 2.4.3 and earlier (19.01.2010)
		Adam Baldwin, Zenoss Multiple Admin CSRF (19.01.2010)

Discuss:

Read or add your comments to this news (0 comments)