Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.03.2010
Published:15.03.2010
Source:
SecurityVulns ID:10690
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:EGROUPWARE : Egroupware 1.4
 PHPFUSION : PHP-Fusion 6.01
 DRUPAL : Drupal 6.6
 PHPMYADMIN : phpMyAdmin 3.3
 PHPFUSION : PHP-Fusion 7.0
 CLANPORTAL : Clanportal 1.5
 DESKTOPONNET : DesktopOnNet 3
 DIRECTADMIN : DirectAdmin 1.35
 MOINMOIN : MoinMoin 1.9
 ANANTASOFT : Ananta Gazelle 1.0
CVE:CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.)
 CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.)
 CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.)
Original documentdocumentfaghani_(at)_nsec.ir, Pars CMS SQL Injection Vulnerability (15.03.2010)
 documentfaghani_(at)_nsec.ir, Zigurrat CMS SQL Injection Vulnerability (15.03.2010)
 documentadmin_(at)_bugreport.ir, Ananta Gazelle SQL Injection Vulnerability (15.03.2010)
 documentDEBIAN, [SECURITY] [DSA 2016-1] New drupal6 packages fix several vulnerabilities (15.03.2010)
 documentDEBIAN, [XSS] I found a xss in phpmyadmin 3.3.0 when we create new database in interface! (15.03.2010)
 documentDEBIAN, [SECURITY] [DSA 2013-1] New egroupware packages fix several vulnerabilities (15.03.2010)
 documentDEBIAN, [SECURITY] [DSA 2014-1] New moin packages fix several vulnerabilities (15.03.2010)
 documentInj3ct0r.com, DirectAdmin <= v1.35.1 XSS vuln. (15.03.2010)
 documentInj3ct0r.com, deV!L`z Clanportal 1.5.2 Remote File Include Vulnerability (15.03.2010)
 documentInj3ct0r.com, DesktopOnNet 3 Beta9 Local File Include Vulnerability (15.03.2010)
 documentInj3ct0r.com, PHP-Fusion-AP-7.00.2-Rus (search.php) disclosure ways (15.03.2010)
 documentInj3ct0r.com, PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability (15.03.2010)
 documentInj3ct0r.com, PHP-fusion-6-01-18 (members.php) disclosure ways (15.03.2010)
 documentMustLive, Vulnerabilities in VXDate for Joomla (15.03.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod