Computer Security
[EN] no-pyccku

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:10642
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MICROSOFT : SharePoint Server 2007
 SILVERSTRIPE : SilverStripe 2.3
 OFFICIALPORTAL : Official Portal 2007
 JQUERY : jQuery Validate 1.6
 ROUNDCUBE : Roundcube 0.3
CVE:CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.)
 CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.)
Original documentdocumentMANDRIVA, [ MDVSA-2010:048 ] roundcubemail (25.02.2010)
 documentMaciej Gojny, SQL injection vulnerability in WebAdministrator Lite CMS (25.02.2010)
 documentCodeScan Labs, jQuery Validate 1.6.0 Demo Code Advisory (25.02.2010)
 documentOfer Maor, Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal (25.02.2010)
 documentinfo_(at), Official Portal 2007 Multiple Vulnerabilities (25.02.2010)
 documentSupport TEAM, SQL injection vulnerability in LiveChatNow (25.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod