Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 10945
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: REDAKS : RedAks 2.0
 MINDARRAY : synType CMS 0.12
 APACHE : Axis2 1.5
CVE: CVE-2010-0284 (Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.)
Original documents:
 ZDI, ZDI-10-112: Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability (23.06.2010)
 Tiago Ferreira Barbosa, Apache Axis Session Fixation Vulnerability (23.06.2010)
 advisory_(at), XSS vulnerability in Scribe CMS (23.06.2010)
 advisory_(at), XSS vulnerability in Scribe CMS (23.06.2010)
 david.kurz_(at), [MajorSecurity SA-075] CMS RedAks 2.0 - SQL injection vulnerability (23.06.2010)
 advisory_(at), XSS vulnerability in Scribe CMS (23.06.2010)
 advisory_(at), Stored XSS vulnerability in synType CMS comment text field (23.06.2010)
 advisory_(at), XSS vulnerability in the search module of synType CMS (23.06.2010)
 labs_(at), CSRF in PHPWCMS 1.4.5 (23.06.2010)
Files: PHPWCMS Cross-Site Request Forgery Vulnerability exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod