Computer Security
[EN] securityvulns.ru

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 23.06.2010
Source:
SecurityVulns ID: 10945
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
 REDAKS : RedAks 2.0
 PHPWCMS : PHPWCMS 1.4
 MINDARRAY : synType CMS 0.12
 APACHE : Axis2 1.5
CVE: CVE-2010-0284 (Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.)
Original documents:
 ZDI, ZDI-10-112: Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability (23.06.2010)
 Tiago Ferreira Barbosa, Apache Axis Session Fixation Vulnerability (23.06.2010)
 advisory_(at)_htbridge.ch, XSS vulnerability in Scribe CMS (23.06.2010)
 advisory_(at)_htbridge.ch, XSS vulnerability in Scribe CMS (23.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-075] CMS RedAks 2.0 - SQL injection vulnerability (23.06.2010)
 advisory_(at)_htbridge.ch, XSS vulnerability in Scribe CMS (23.06.2010)
 advisory_(at)_htbridge.ch, Stored XSS vulnerability in synType CMS comment text field (23.06.2010)
 advisory_(at)_htbridge.ch, XSS vulnerability in the search module of synType CMS (23.06.2010)
 labs_(at)_redteamsecure.com, CSRF in PHPWCMS 1.4.5 (23.06.2010)
Files: PHPWCMS Cross-Site Request Forgery Vulnerability exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


