Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

back  news / advisories / software / search /  forward
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.01.2011
Source:
SecurityVulns ID:11343
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:PHPNUK : PHP-Nuke 8.1
 WIKLINK : WikLink 0.1
 WHCMS : whCMS 0.115
 CAMBIOCMS : Cambio 0.5
 DIAFAN : diafan.CMS 4.3
 VAMSOFT : VaM Shop 1.6
 ENERGINE : Energine 2.3
 JAFCMS : JAF-CMS 4.0
 MHONARC : MHonArc 2.6
CVE:CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.)
 CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.)
Original documentdocumentMustLive, XSS и IAA уязвимости в PHP-Nuke (11.01.2011)
 documentMANDRIVA, [ MDVSA-2011:003 ] MHonArc (11.01.2011)
 documentAliaksandr Hartsuyeu, www.eVuln.com : "fold" and "site" SQL Injections in WikLink (11.01.2011)
 documentchin4b0y, Persistent Cross Site Scripting Vulnerability In JAF-CMS ver 4.0_RC_2 (11.01.2011)
 documentHigh-Tech Bridge Security Research, SQL injection vulnerability in Energine (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in VaM Shop (11.01.2011)
 documentHigh-Tech Bridge Security Research, Stored XSS vulnerability in diafan.CMS (11.01.2011)
 documentHigh-Tech Bridge Security Research, Path disclosure in Energine (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in Energine (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in VaM Shop (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in VaM Shop (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in VaM Shop (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in diafan.CMS (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in diafan.CMS (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in Cambio (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in whCMS (11.01.2011)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod