Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 24.03.2010
Source:
SecurityVulns ID: 10711
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SPRINGSOURCE : Hyperic HQ 4.0
 SPRINGSOURCE : Hyperic HQ 4.1
 UWCMS : Universal Web CMS 1.0
 INSTANTCMS : Instant CMS 1.1
 PULSECMS : Pulse CMS 1.2
 SPRINGSOURCE : Hyperic HQ 4.2
 OPENCMS : OAMP comments module 1.0
 DISCUZ : Discuz! 7.0
CVE: CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.)
 CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.)
 CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields.")
Original document: lis cker, "$referer" export lead to the cross-site flaws in all versions of Discuz! (24.03.2010)
 SECUNIA, Secunia Research: Pulse CMS Arbitrary File Deletion Vulnerability (24.03.2010)
 Cyrill Brunschwiler, CVE-2009-4505 OpenCMS OAMP Comments Module XSS (24.03.2010)
 s2-security, CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities (24.03.2010)
 SECUNIA, Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability (24.03.2010)
 SECUNIA, Secunia Research: Pulse CMS Arbitrary File Writing Vulnerability (24.03.2010)
 Inj3ct0r.com, Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability (24.03.2010)
 Inj3ct0r.com, Instant CMS <= 1.1rc3 Admin (Auth Bypass) Vulnerability (24.03.2010)
 eidelweiss, Joomla component com_universal <= Remote File Inclusion Vulnerability exploit (24.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod