Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 29.03.2011
SecurityVulns ID:11539
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: OPENCMS : OpenCMS 7.5
 CETERA : Cetera eCommerce 14.0
 HORDE : imp 4.3
 BBPRESS : bbPress 1.0
 CETERA : Cetera eCommerce 15.0
 SPITFIRE : Spitfire CMS 1.0
 WORDPRESS : WordPress 3.1
 WORDPRESS : BackWPup 1.6
 SIMPLYCMS : SimplisCMS 1.0
 UNIDESK : Unidesk Management Console 1.3
CVE: CVE-2010-3695 (Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.)
Original document: np_(at), Unidesk ReportingService Forceful Browsing Vulnerability (29.03.2011)
 DEBIAN, [SECURITY] [DSA 2204-1] imp4 security update (29.03.2011)
 Root_(at), SimplisCMS Remote File Disclosure Vulnerability (29.03.2011)
 Root_(at), SimplisCMS SQL injection / Cross Site Scripting (29.03.2011)
 Sense of Security, Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 (29.03.2011)
 Michele Orru, [AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities (29.03.2011)
 High-Tech Bridge Security Research, HTB22905: Path disclosure in Wordpress (29.03.2011)
 High-Tech Bridge Security Research, HTB22904: Path disclosure in bbPress (29.03.2011)
 High-Tech Bridge Security Research, HTB22903: XSS in Spitfire CMS (29.03.2011)
 MustLive, XSS, SQL Injection and SQL DB Structure Extraction vulnerabilities in Cetera eCommerce (29.03.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod