
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 11266
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: VBULLETIN : vBulletin 4.0
 HOTLINKSLITE : Hot Links Lite 1.0
 HOTLINKSSQL : Hot Links SQL 3.2
 AXSCRIPTS : AxsLinks 0.3
 CHCOUNTER : chCounter 3.1
 COMPACTCMS : CompactCMS 1.4
 VTIGER : vTiger CRM 5.2
 FREESIMPLESOFT : Free Simple Software 1.0
CVE: CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.)
Original documents:
 Mark Stanislav, 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298) (24.11.2010)
 advisories_(at), vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization (24.11.2010)
 ascii, Vtiger CRM 5.2.0 Multiple Vulnerabilities (24.11.2010)
 High-Tech Bridge Security Research, XSS in CompactCMS (24.11.2010)
 High-Tech Bridge Security Research, XSS in CompactCMS (24.11.2010)
 Soporte CERT, Multiple vulnerabilities in chCounter <= 3.1.3 (24.11.2010)
 Aliaksandr Hartsuyeu, [] Cookie Auth Bypass in Hot Links SQL (24.11.2010)
 Aliaksandr Hartsuyeu, [] URL and Title XSS in AxsLinks (24.11.2010)
 Aliaksandr Hartsuyeu, [] report.cgi SQL inj in Hot Links SQL (CGI version) (24.11.2010)
 Aliaksandr Hartsuyeu, [] url XSS in Hot Links Lite (24.11.2010)
 Aliaksandr Hartsuyeu, [] sitename XSS in Hot Links Lite (24.11.2010)
 Aliaksandr Hartsuyeu, [] Multiple XSS in MCG GuestBook (24.11.2010)
 Aliaksandr Hartsuyeu, [] email XSS in SimpLISTic (24.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod