Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 20.06.2010
Source:
SecurityVulns ID: 10940
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SPRINGSOURCE : Spring Framework 3.0
 SPRINGSOURCE : Spring Framework 2.5
 REDAKS : RedAks 2.0
CVE: CVE-2010-1622 (SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.)
Original document: MustLive, Vulnerabilities in eSitesBuilder (20.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-074] CMS RedAks 2.0 - Multiple Cross-site Scripting issues (20.06.2010)
 s2-security, CVE-2010-1622: Spring Framework execution of arbitrary code (20.06.2010)
 Laurent OUDOT at TEHTRI-Security, TEHTRI-Security released 13 0days against web tools used by evil attackers (20.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod