Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		27.09.2010
Source:
SecurityVulns ID:		11164
Type:		remote
Threat Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		E107 : e107 0.7
		ENTRANS : Entrans 0.3
		COLLABNET : Subversion Edge 1.2
		MOTORITO : Motorito 2.0
		FREEPBX : FreePBX 2.8
		HORDE : imp 4.3
CVE:		CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.)

Original document		Moritz Naumann, XSS in Horde IMP <=4.3.7, fetchmailprefs.php (27.09.2010)
		Trustwave Advisories, TWSL2010-005: FreePBX recordings interface allows remote code execution (27.09.2010)
		ISecAuditors Security Advisories, [ISecAuditors Security Advisories] SQL Injection and XSS in Motorito < v2.0 Ni 483 (27.09.2010)
		sk, CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability (27.09.2010)
		High-Tech Bridge Security Research, SQL injection vulnerability in Entrans (27.09.2010)
		High-Tech Bridge Security Research, SQL injection vulnerability in Entrans (27.09.2010)
		High-Tech Bridge Security Research, XSS vulnerability in Entrans (27.09.2010)
		High-Tech Bridge Security Research, SQL injection vulnerability in e107 (27.09.2010)
		MustLive, Уязвимости в CMS MYsite (27.09.2010)