Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 14.08.2010
Source:
SecurityVulns ID: 11070
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SQUIRRELMAIL : squirrelmail 1.4
 MAPSERVER : mapserver 5.6
 WORDPRESS : WordPress 3.0
 SYNTAXCMS : SyntaxCMS 1.3
 HULIHAN : Onyx 0.3
 HULIHAN : Mystic 0.1
CVE: CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.)
 CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.)
 CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.)
 CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.)
Original document: DEBIAN, [SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery (14.08.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Onyx (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Onyx (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in SyntaxCMS (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in SyntaxCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Edit-X CMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in i-Web Suite (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in i-Web Suite (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, Local File Inclusion in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, Local File Inclusion in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-080] WordPress 3.0.1 - Cross Site Scripting Issue (14.08.2010)
 DEBIAN, [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution (14.08.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod