Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		23.06.2010
Source:
SecurityVulns ID:		10945
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		REDAKS : RedAks 2.0
		PHPWCMS : PHPWCMS 1.4
		MINDARRAY : synType CMS 0.12
		APACHE : Axis2 1.5
CVE:		CVE-2010-0284 (Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.)

Original document		ZDI, ZDI-10-112: Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability (23.06.2010)
		Tiago Ferreira Barbosa, Apache Axis Session Fixation Vulnerability (23.06.2010)
		advisory_(at)_htbridge.ch, XSS vulnerability in Scribe CMS (23.06.2010)
		advisory_(at)_htbridge.ch, XSS vulnerability in Scribe CMS (23.06.2010)
		david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-075]CMS RedAks 2.0 - SQL injection vulnerability (23.06.2010)
		advisory_(at)_htbridge.ch, XSS vulnerability in Scribe CMS (23.06.2010)
		advisory_(at)_htbridge.ch, Stored XSS vulnerability in synType CMS comment text field (23.06.2010)
		advisory_(at)_htbridge.ch, XSS vulnerability in the search module of synType CMS (23.06.2010)
		labs_(at)_redteamsecure.com, CSRF in PHPWCMS 1.4.5 (23.06.2010)

Files:		PHPWCMS Cross-Site Request Forgery Vulnerability exploit
Discuss:		Read or add your comments to this news (0 comments)