Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 26.08.2010
Source:
SecurityVulns ID: 11093
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MOINMOIN : MoinMoin 1.9
 NAGIOS : Nagios XI 2009
 BLASTCHAT : BlastChat 3.3
CVE: CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.)
 CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.)
 CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.)
Original document: Adam Baldwin, Nagios XI users.php SQL Injection (26.08.2010)
 UBUNTU, [USN-977-1] MoinMoin vulnerabilities (26.08.2010)
 aanisimov_(at)_ptsecurity.com, [Positive Technologies Research] Open Source WebEngine and Web Crawler v.0.2 is out! (26.08.2010)
 YGN Ethical Hacker Group, Joomla! Component com_bc Cross Script Scripting (XSS) Vulnerability (26.08.2010)
 YGN Ethical Hacker Group, Joomla! Component com_bcaccount Persistent Cross Script Scripting (XSS) Vulnerability (26.08.2010)
 YGN Ethical Hacker Group, BlastChat Chat Client Component version 3.3 <= Cross Script Scripting (XSS) Vulnerability (26.08.2010)
 MustLive, Multiple vulnerabilities in eSitesBuilder (26.08.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod