Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 17.12.2010
Source:
SecurityVulns ID: 11310
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SLICKMSG : slickMsg 0.7
 POINTERPHP : Pointter PHP Content Management System 1.0
 SOCIALSHARE : Social Share 2010-06-05
CVE: CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.)
 CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.)
 CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php.)
Original documents:
 CHECKPOINT, Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277 (17.12.2010)
 Aliaksandr Hartsuyeu, www.eVuln.com : "link" and "linkdescription" XSS in Social Share (17.12.2010)
 Aliaksandr Hartsuyeu, www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share (17.12.2010)
 ProCheckUp Research, PR10-06: Cross-domain redirect on PGP Universal Web Messenger (17.12.2010)
 Aliaksandr Hartsuyeu, www.eVuln.com : "error" Non-persistent XSS in slickMsg (17.12.2010)
 MustLive, New vulnerabilities in eSitesBuilder (17.12.2010)
 Mark Stanislav, 'Pointter PHP Micro-Blogging Social 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332) (17.12.2010)
 Mark Stanislav, 'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333) (17.12.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod