Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:12.12.2010
Source:
SecurityVulns ID:11289
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:JOOMLA : Joomla 1.5
 CETERA : Cetera eCommerce 14.0
 HP : Palm webOS 1.4
 DIFERIOR : Diferior 8.03
 CMSCOUT : CMScout 2.09
 SLICKMSG : slickMsg 0.7
 LEXIPIXEL : BizDir 05.10
 PERL : CGI.pm 3.50
 PERL : CGI::Simple 1.112
 WWWTHREADS : WWWThreads 5.0
 SOLARISWINDS : Orion NPM 10.1
 NOVELL : Vibe 3
CVE:CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.)
 CVE-2010-4109 (Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file.)
Original documentdocumentHP, [security bulletin] HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code (12.12.2010)
 documentrobkraus_(at)_solutionary.com, Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability (12.12.2010)
 documentJohn Blakley, Multiple XSS in Solarwinds Orion NPM 10.1 (12.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : HTTP Response Splitting in WWWThreads (php version) (12.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : Non-persistent XSS in WWWThreads (perl version) (12.12.2010)
 documentMANDRIVA, [ MDVSA-2010:250 ] perl-CGI-Simple (12.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : Non-persistent XSS in BizDir (12.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : Non-persistent XSS in slickMsg (12.12.2010)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in CMScout (12.12.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Diferior (12.12.2010)
 documentHigh-Tech Bridge Security Research, Cross Site Scripting vulnerability in Diferior (12.12.2010)
 documentMustLive, Новые уязвимости в Joomla (12.12.2010)
 documentMustLive, Новые уязвимости в Cetera eCommerce (12.12.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod