Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 11.03.2010
Source:
SecurityVulns ID: 10677
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
 DVBBS : Dvbbs 7.1
 DVBBS : Dvbbs 8.2
 TYPO3 : typo3 4.2
 TYPO3 : typo3 4.3
 WORDPRESS : WordPress 2.9
 KANDIDATCMS : Kandidat CMS 1.3
 CHATON : Chaton 1.5
 TDIARY : tdiary 2.2
 TIMECLOCKSOFTWAR : Employee Timeclock 0.99
 BBSMAX : BBSMAX 4.2
 BBSMAX : BBSMAX 4.1
 BBSMAX : BBSMAX 3.0
 CROOGO : Croogo CMS 1.2
 BBSXP : BBSXP 2008
 CA : SiteMinder 6.0
CVE:
 CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.)
 CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.)
 CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name.")
 CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.)
Original documents:
 Inj3ct0r.com, Kandidat CMS versions 1.3.1 Cross Site Scripting Vulnerability (11.03.2010)
 Yaniv Miron, Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability (11.03.2010)
 CA, CA20100304-01: Security Notice for CA SiteMinder (11.03.2010)
 lis cker, [xss] a xss on "ThreadID" parameter in BBSXP 2008 from china (11.03.2010)
 Maciej Gojny, SQL injection vulnerability in Natychmiast CMS (11.03.2010)
 lis cker, [xss] a xss on "action" parameter in BBSMAX (11.03.2010)
 lis cker, [XSS] i found a xss on "page" parameter in "eccredit.php" in Dvbbs < 8.3.0 (11.03.2010)
 Maciej Gojny, SQL injection vulnerability in wILD CMS (11.03.2010)
 Paulino Calderon, Croogo CMS 1.2 Cross Site Scripting Vulnerabilities (11.03.2010)
 DEBIAN, [SECURITY] [DSA 2008-1] New typo3-src packages fix several vulnerabilities (11.03.2010)
 lis cker, [xss] a xss on "threadid" parameter in BBSMAX (11.03.2010)
 SECUNIA, Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities (11.03.2010)
 SECUNIA, Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure (11.03.2010)
 SECUNIA, Secunia Research: Employee Timeclock Software Backup Information Disclosure (11.03.2010)
 DEBIAN, [SECURITY] [DSA 2009-1] New tdiary packages fix cross-site scripting (11.03.2010)
 Inj3ct0r.com, Chaton <= 1.5.2 Local File Include Vulnerability (11.03.2010)
 MustLive, Brute Force and Insufficient Authorization vulnerabilities in WordPress (11.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod