Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:31.03.2011
Source:
SecurityVulns ID:11543
Type:remote
Threat Level:5/10
Description:PHP file inclusions, SQL injections, directory traversals, cross-site scripting, cross-site request forgery, information leaks, etc.
Affected:MAHARA : mahara 1.2
 MAXSITE : MaxSite Anti Spam Image 0.6
 COLLABTIVE : Collabtive 0.6
 FENGOFFICE : Feng Office 1.7
 TINE20 : Tine 2.0
 INTERRA : InTerra Blog Machine 1.84
 WESPADIGITAL : WESPA PHP Newsletter 3.0
 TRACKS : Tracks 1.7
 GRAPECITY : Grapecity DataDynamics Report Library 1.6
 APHPKB : Andy's PHP Knowledgebase 0.95
CVE:CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.)
 CVE-2011-0440 (Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.)
 CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.)
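The injection pattern CVE-2011-1546 describes, a request parameter such as s spliced into the text of a SQL statement, shown beside the prepared-statement form that removes the class of bug. This is an added example, not code from Andy's PHP Knowledgebase or any other project on this page: the table, column and function names are hypothetical, the sample rows and the attack value are constructed, and an in-memory SQLite database stands in for the application's database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical code, not Aphpkb's). Builds a small users table
// and runs a keyword search over it two ways.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)');
    // Constructed sample rows.
    $db->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user'), ('carol', 'user')");
    return $db;
}

// Vulnerable shape: the value of s becomes part of the SQL text. A quote inside
// it ends the LIKE pattern early and everything after it is parsed as SQL.
function searchUsersVulnerable(PDO $db, string $s): array {
    $sql = "SELECT username FROM users WHERE username LIKE '%" . $s . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened shape: the statement text is fixed at prepare time and s travels as
// a bound value, so no character in it can change the statement's structure.
function searchUsersSafe(PDO $db, string $s): array {
    $stmt = $db->prepare("SELECT username FROM users WHERE username LIKE :pattern ESCAPE '\\'");
    // Binding stops injection; escaping % and _ additionally makes a search for
    // those characters mean the literal characters rather than wildcards.
    $pattern = '%' . addcslashes($s, '%_\\') . '%';
    $stmt->execute([':pattern' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = makeDb();

// Ordinary search: both versions return the one matching username.
print_r(searchUsersVulnerable($db, 'ali'));
print_r(searchUsersSafe($db, 'ali'));

// Constructed attack value for the s parameter. In the vulnerable version the
// WHERE clause becomes   username LIKE '%' OR '1'='1%'   which is true for every
// row; in the hardened version the same bytes are looked up as a substring.
$payload = "' OR '1'='1";
print_r(searchUsersVulnerable($db, $payload));
print_r(searchUsersSafe($db, $payload));
```

Run it with `php search.php`. Against MySQL the same code applies; additionally set `PDO::ATTR_EMULATE_PREPARES` to false so the driver binds values server-side instead of quoting them into the statement text itself.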
Original document:Mark Stanislav, 'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546) (31.03.2011)
 DEBIAN, [SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities (31.03.2011)
 david.daly_(at)_dionach.com, DataDynamics Report Library CoreHandler XSS (31.03.2011)
 Netsparker Advisories, XSS Vulnerability in Tracks 1.7.2 (31.03.2011)
 cseye_ut_(at)_yahoo.com, "WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path (31.03.2011)
 cseye_ut_(at)_yahoo.com, "Simple PHP Newsletter" Remote Admin Password Change With install path (31.03.2011)
 High-Tech Bridge Security Research, HTB22931: XSS vulnerability in InTerra Blog Machine (31.03.2011)
 High-Tech Bridge Security Research, HTB22909: Path disclosure in Tine 2.0 (31.03.2011)
 High-Tech Bridge Security Research, HTB22910: XSRF (CSRF) in Feng Office (31.03.2011)
 High-Tech Bridge Security Research, HTB22908: XSRF (CSRF) in Collabtive (31.03.2011)
 High-Tech Bridge Security Research, HTB22906: XSS vulnerabilities in Collabtive (31.03.2011)
 High-Tech Bridge Security Research, HTB22907: Directory Traversal in Collabtive (31.03.2011)
 MustLive, Vulnerability in MaxSite Anti Spam Image (31.03.2011)
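Three entries above are cross-site request forgery: CVE-2011-0440 in Mahara (deleting blogs), HTB22910 in Feng Office and HTB22908 in Collabtive. The check that closes this class of bug is a per-session synchronizer token that every state-changing form must carry. The following is an added example and not code from Mahara, Feng Office or Collabtive; the handler, session layout, blog store and function names are hypothetical, and the requests are constructed arrays standing in for $_SESSION and $_POST.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical code, not from any project on this page).
// Issue one random token per session and reuse it for the session's lifetime.
function csrfToken(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in every form that changes state.
function csrfField(array &$session): string {
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Reject a request whose token is absent or differs from the session's token.
function csrfValid(array $session, array $post): bool {
    if (empty($session['csrf_token']) || !isset($post['csrf_token']) || !is_string($post['csrf_token'])) {
        return false;
    }
    // Constant-time comparison; a loose == would also accept type-juggled values.
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

// Vulnerable handler shape: any POST arriving with a logged-in session cookie is
// acted on, so a form on an attacker's page submitted by the victim's browser
// deletes the victim's blog.
function deleteBlogVulnerable(array $session, array $post, array &$blogs): bool {
    if (!isset($session['user_id']) || !isset($post['blog_id'])) {
        return false;
    }
    unset($blogs[(int) $post['blog_id']]);
    return true;
}

// Hardened handler: same action, performed only when the token matches. The
// attacker's page cannot read the victim's session token, so its form lacks it.
function deleteBlogSafe(array $session, array $post, array &$blogs): bool {
    if (!isset($session['user_id']) || !isset($post['blog_id']) || !csrfValid($session, $post)) {
        return false;
    }
    unset($blogs[(int) $post['blog_id']]);
    return true;
}

// Constructed scenario: a logged-in user owning blog 42.
$session = ['user_id' => 7];
$token = csrfToken($session);

// Forged cross-site POST: cookie present, token absent.
$forged = ['blog_id' => 42];
$blogs = [42 => 'my blog'];
echo 'vulnerable handler, forged request deleted blog: ', var_export(deleteBlogVulnerable($session, $forged, $blogs), true), "\n";
$blogs = [42 => 'my blog'];
echo 'hardened handler, forged request deleted blog:   ', var_export(deleteBlogSafe($session, $forged, $blogs), true), "\n";

// Legitimate POST from the application's own form, which carried csrfField().
$legit = ['blog_id' => 42, 'csrf_token' => $token];
echo 'hardened handler, legitimate request deleted blog: ', var_export(deleteBlogSafe($session, $legit, $blogs), true), "\n";
```

In a real application the token would also be checked for AJAX and GET-triggered actions, and any action that changes state should be moved off GET so that an image tag or link cannot trigger it at all.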

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod