Computer Security
securityvulns.ru


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 24.11.2010
Source:
SecurityVulns ID: 11266
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
 VBULLETIN : vBulletin 4.0
 SIMPLISTIC : SimpLISTic 2.0
 MCGGUESTBOOK : MCG GuestBook 1.0
 HOTLINKSLITE : Hot Links Lite 1.0
 HOTLINKSSQL : Hot Links SQL 3.2
 AXSCRIPTS : AxsLinks 0.3
 CHCOUNTER : chCounter 3.1
 COMPACTCMS : CompactCMS 1.4
 VTIGER : vTiger CRM 5.2
 FREESIMPLESOFT : Free Simple Software 1.0
CVE: CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.)
Original documents:
 Mark Stanislav, 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298) (24.11.2010)
 advisories_(at)_intern0t.net, vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization (24.11.2010)
 ascii, Vtiger CRM 5.2.0 Multiple Vulnerabilities (24.11.2010)
 High-Tech Bridge Security Research, XSS in CompactCMS (24.11.2010)
 High-Tech Bridge Security Research, XSS in CompactCMS (24.11.2010)
 Soporte CERT, Multiple vulnerabilities in chCounter <= 3.1.3 (24.11.2010)
 Aliaksandr Hartsuyeu, [eVuln.com] Cookie Auth Bypass in Hot Links SQL (24.11.2010)
 Aliaksandr Hartsuyeu, [eVuln.com] URL and Title XSS in AxsLinks (24.11.2010)
 Aliaksandr Hartsuyeu, [eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version) (24.11.2010)
 Aliaksandr Hartsuyeu, [eVuln.com] url XSS in Hot Links Lite (24.11.2010)
 Aliaksandr Hartsuyeu, [eVuln.com] sitename XSS in Hot Links Lite (24.11.2010)
 Aliaksandr Hartsuyeu, [eVuln.com] Multiple XSS in MCG GuestBook (24.11.2010)
 Aliaksandr Hartsuyeu, [eVuln.com] email XSS in SimpLISTic (24.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod