Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.09.2010
Source:
SecurityVulns ID: 11164
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: E107 : e107 0.7
 ENTRANS : Entrans 0.3
 COLLABNET : Subversion Edge 1.2
 MOTORITO : Motorito 2.0
 FREEPBX : FreePBX 2.8
 HORDE : imp 4.3
CVE: CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.)
Original documents:
 Moritz Naumann, XSS in Horde IMP <=4.3.7, fetchmailprefs.php (27.09.2010)
 Trustwave Advisories, TWSL2010-005: FreePBX recordings interface allows remote code execution (27.09.2010)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] SQL Injection and XSS in Motorito < v2.0 Ni 483 (27.09.2010)
 sk, CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability (27.09.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in Entrans (27.09.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in Entrans (27.09.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Entrans (27.09.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in e107 (27.09.2010)
 MustLive, Vulnerabilities in CMS MYsite (27.09.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod