Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.11.2010
Source:
SecurityVulns ID: 11229
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ZENCART : Zen Cart 1.3
 JAFCMS : JAF CMS 4.0
 MOZILLA : Bugzilla 3.2
 EOCMS : eoCMS 0.9
 MOZILLA : Bugzilla 3.4
 TEXTPATTERN : Textpattern CMS 4.2
 MINIBB : MiniBB 2.5
 BASICCMS : SweetRice CMS 0.6
 BUGZILLA : Bugzilla 3.6
 BUGZILLA : Bugzilla 3.7
CVE: CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL.)
 CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.)
Original document: BUGZILLA, Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3 (04.11.2010)
 Salvatore "drosophila" Fresta, Zen Cart 1.3.9h Local File Inclusion Vulnerability (04.11.2010)
 md.r00t.defacer_(at)_gmail.com, Adsoft Remote Sql Injection Vulnerability (04.11.2010)
 High-Tech Bridge Security Research, SQL injection in SweetRice CMS (04.11.2010)
 High-Tech Bridge Security Research, XSS in SweetRice CMS (04.11.2010)
 High-Tech Bridge Security Research, Reset admin password in SweetRice CMS (04.11.2010)
 High-Tech Bridge Security Research, Shell create & command execution in JAF CMS (04.11.2010)
 High-Tech Bridge Security Research, RFI in JAF CMS (04.11.2010)
 High-Tech Bridge Security Research, BBcode XSS in MiniBB (04.11.2010)
 High-Tech Bridge Security Research, SQL injection in MiniBB (04.11.2010)
 High-Tech Bridge Security Research, XSS in Textpattern CMS (04.11.2010)
 High-Tech Bridge Security Research, LFI in eoCMS (04.11.2010)
 High-Tech Bridge Security Research, Path disclosure in eoCMS (04.11.2010)
 High-Tech Bridge Security Research, SQL injection in eoCMS (04.11.2010)
 High-Tech Bridge Security Research, LFI in eoCMS (04.11.2010)
 High-Tech Bridge Security Research, BBcode XSS in eoCMS (04.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod