Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.03.2010
Published:18.03.2010
Source:
SecurityVulns ID:10694
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:EFRONT : eFront 3.5
 NENSOR : Nensor CMS 2.01
 QuickSilver : Quicksilver Forums 1.4
 POWERDNS : PowerDNS Administrator 1.1
 QSF : QSF Portal 1.4
 SAHANA : Sahana 0.6
 SOOFTSAURUS : SOFTSAURUS 2.01
 DOJO : Dojo Toolkit SDK 1.4
CVE:CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.)
Original documentdocumentInj3ct0r.com, SweetRice 0.6.0 Remote File Inclusion Vulnerabilities (18.03.2010)
 documentInj3ct0r.com, Nensor CMS 2.01 Multiple Remote Vulnerabilities (18.03.2010)
 documentedgard.chammas_(at)_beyond-security.org, Sun Java System Communication Express CSRF via HPP (18.03.2010)
 documentlabs_(at)_gdssecurity.com, Multiple DOM-Based XSS in Dojo Toolkit SDK (18.03.2010)
 documentJeromie Jackson, SugarCRM Stored XSS vulnerability (18.03.2010)
 documentInj3ct0r.com, SOFTSAURUS 2.01 Multiple Remote File Include Vulnerabilities (18.03.2010)
 documentChristopher, CORE-2010-0311 - eSahana 0.6.2.2 Authentication Bypass (18.03.2010)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability (18.03.2010)
 documentSECUNIA, Secunia Research: Quicksilver Forums Backup Information Disclosure (18.03.2010)
 documentSECUNIA, Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability (18.03.2010)
 documentSECUNIA, Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure (18.03.2010)
 documentInj3ct0r.com, Nensor CMS 2.01 Multiple Remote Vulnerabilities (18.03.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod