Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 18.03.2010
Published:		18.03.2010
Source:
SecurityVulns ID:		10694
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		EFRONT : eFront 3.5
		NENSOR : Nensor CMS 2.01
		QuickSilver : Quicksilver Forums 1.4
		POWERDNS : PowerDNS Administrator 1.1
		QSF : QSF Portal 1.4
		SAHANA : Sahana 0.6
		SOOFTSAURUS : SOFTSAURUS 2.01
		DOJO : Dojo Toolkit SDK 1.4
CVE:		CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.)

Original document		Inj3ct0r.com, SweetRice 0.6.0 Remote File Inclusion Vulnerabilities (18.03.2010)
		Inj3ct0r.com, Nensor CMS 2.01 Multiple Remote Vulnerabilities (18.03.2010)
		edgard.chammas_(at)_beyond-security.org, Sun Java System Communication Express CSRF via HPP (18.03.2010)
		labs_(at)_gdssecurity.com, Multiple DOM-Based XSS in Dojo Toolkit SDK (18.03.2010)
		Jeromie Jackson, SugarCRM Stored XSS vulnerability (18.03.2010)
		Inj3ct0r.com, SOFTSAURUS 2.01 Multiple Remote File Include Vulnerabilities (18.03.2010)
		Christopher, CORE-2010-0311 - eSahana 0.6.2.2 Authentication Bypass (18.03.2010)
		CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability (18.03.2010)
		SECUNIA, Secunia Research: Quicksilver Forums Backup Information Disclosure (18.03.2010)
		SECUNIA, Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability (18.03.2010)
		SECUNIA, Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure (18.03.2010)
		Inj3ct0r.com, Nensor CMS 2.01 Multiple Remote Vulnerabilities (18.03.2010)

Discuss:

Read or add your comments to this news (0 comments)