Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

| Published: | 23.01.2010 |
| Source: | |
| SecurityVulns ID: | 10549 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | IDEACMS : IdeaCMS 1.0 |
| | DOKUWIKI : DokuWiki 2008-05-05 |
| | WSCREATOR : iBoutique 4.0 |
| | KAYAKO : Kayako SupportSuite 3.60 |
| | JOOMLA : 3D Cloud 1.3 module for Joomla |
| CVE: | CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.) |
| | CVE-2010-0288 (A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.) |
| | CVE-2010-0287 (Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.) |