Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:15.02.2011
Source:
SecurityVulns ID:11437
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:DJANGO : django 1.2
 SEOPANEL : Seo Panel 2.2
 CHERRYSOFTWARE : Wikipad 1.6
 GOLLOS : Gollos 2.8
 ARTGKCMS : ArtGK CMS
 ARTICFOX : Arctic Fox CMS 0.9
 CHERRYSOFTWARE : Photopad 1.2
 XARAYA : Xaraya 2.2
CVE:CVE-2011-0697 (Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.)
 CVE-2011-0696 (Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2163-1] python-django security update (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22829: Path disclosure in Xaraya (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22828: Multiple XSS vulnerabilities in Photopad (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22827: File Content Disclosure in Wikipad (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22833: Information Disclosure in Arctic Fox CMS (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22832: Path disclosure in ArtGK CMS (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22831: XSS vulnerability in Gollos (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22830: Multiple XSS vulnerabilities in Gollos (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22826: Multiple XSS vulnerabilities in Wikipad (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22825: SQL Injection in Seo Panel (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22824: SQL Injection in Seo Panel (15.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22823: SQL Injection in Seo Panel (15.02.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod