Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:31.03.2010
Source:
SecurityVulns ID:10726
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:VIEWVC : ViewVC 1.0
 APACHE : ActiveMQ 5.3
 OXID : eShop EE 4.2
 VIEWVC : viewvc 1.1
 PHOTOPOST : vBGallery 2.5
 OSSIM : OSSIM 2.2
CVE:CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.)
 CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.)
Original documentdocumentnicolas.grandjean_(at)_conix.fr, Multiple XSS vulnerabilities in OSSIM 2.2.1 (31.03.2010)
 documentAndreas Kirbach, SQL Injection Vulnerabilitie in PhotoPost vBGallery 2.5 (31.03.2010)
 documentinfo_(at)_securitylab.ir, XSS vulnerability in easy page cms (31.03.2010)
 documentinfo_(at)_securitylab.ir, Joomla Component com_xmap Sql Injection Vulnerability (31.03.2010)
 documentinfo_(at)_securitylab.ir, Joomla Component com_weblinks Sql Injection Vulnerability (31.03.2010)
 documentSECUNIA, Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting (31.03.2010)
 documentmichael.mueller_(at)_integralis.com, OXID eShop Enterprise: Session Fixation and XSS Vulnerabilities (31.03.2010)
 documentrajat swarup, CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting (XSS) Vulnerability (31.03.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod