Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		02.11.2010
Source:
SecurityVulns ID:		11223
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		JOOMLA : Joomla 1.5
		MEMHT : MemHT Portal 4.0
		WEBMEDIAEXPLORER : Webmedia Explorer 6.13
		WSNLINKS : WSN Links 6.0
		WSNLINKS : WSN Links 5.1
		WSNLINKS : WSN Links 5.0
		WORDPRESS : cforms 11.5
CVE:		CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.)
		CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.)

Original document		Rodrigo Branco, cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977 (02.11.2010)
		Mark Stanislav, 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006) (02.11.2010)
		advisory_(at)_htbridge.ch, Stored XSS vulnerability in Webmedia Explorer (02.11.2010)
		advisory_(at)_htbridge.ch, XSS vulnerability in Kandidat CMS (02.11.2010)
		advisory_(at)_htbridge.ch, XSS vulnerability in Kandidat CMS (02.11.2010)
		advisory_(at)_htbridge.ch, XSS vulnerability in Kandidat CMS (02.11.2010)
		advisory_(at)_htbridge.ch, XSS vulnerability in MemHT Portal (02.11.2010)
		advisory_(at)_htbridge.ch, XSS vulnerability in MemHT Portal (02.11.2010)
		advisory_(at)_htbridge.ch, Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal (02.11.2010)

Discuss:

Read or add your comments to this news (0 comments)