Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		25.02.2010
Source:
SecurityVulns ID:		10642
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MICROSOFT : Sharepoint Server 2007
		SILVERSTRIPE : SilverStripe 2.3
		OFFICIALPORTAL : Official Portal 2007
		JQUERY : jQuery Validate 1.6
		ROUNDCUBE : Roundcube 0.3
CVE:		CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.)
		CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.)

Original document		MANDRIVA, [ MDVSA-2010:048 ] roundcubemail (25.02.2010)
		Maciej Gojny, SQL injection vulnerability in WebAdministrator Lite CMS (25.02.2010)
		CodeScan Labs, jQuery Validate 1.6.0 Demo Code Advisory (25.02.2010)
		Ofer Maor, Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal (25.02.2010)
		info_(at)_securitylab.ir, Official Portal 2007 Multiple Vulnerabilities (25.02.2010)
		Support TEAM, SQL injection vulnerability in LiveChatNow (25.02.2010)

Discuss:

Read or add your comments to this news (0 comments)