Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 26.04.2011
Published: 27.04.2011
Source:
SecurityVulns ID: 11622
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPLIST : phpList 2.10
 TIMTHUMB : TimThumb 1.24
 WEBMIN : Webmin 1.540
 AFFINITY : BuddyPress 1.2
 COTONI : Cotonti 0.9
 WORDPRESS : WP-Ajax-Recent-Posts 1.0
 Noah's Classifieds 5.0
CVE: CVE-2011-1727 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue.)
 CVE-2011-1726 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document: MustLive, Code Execution in WordPress 2.5 - 3.1.1 (27.04.2011)
 Javier Bassi, XSS in Webmin 1.540 + exploit for privilege escalation (27.04.2011)
 High-Tech Bridge Security Research, HTB22956: XSS vulnerabilities in phpList (26.04.2011)
 High-Tech Bridge Security Research, HTB22957: XSRF (CSRF) in phpList (26.04.2011)
 High-Tech Bridge Security Research, HTB22951: XSS in WP-Ajax-Recent-Posts wordpress plugin (26.04.2011)
 High-Tech Bridge Security Research, HTB22952: XSS vulnerabilities in Noah's Classifieds (26.04.2011)
 High-Tech Bridge Security Research, HTB22953: XSS in Max's PHP Photo Album (26.04.2011)
 High-Tech Bridge Security Research, HTB22954: Path disclosure in yappa-ng Photo Gallery (26.04.2011)
 High-Tech Bridge Security Research, HTB22948: Path disclosure in Cotonti (26.04.2011)
 High-Tech Bridge Security Research, HTB22955: Path disclosure in BuddyPress WordPress plugin (26.04.2011)
 HP, [security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection (26.04.2011)
 MustLive, Vulnerabilities in many themes and components for Joomla (26.04.2011)
 Javier Bassi, XSS in Webmin 1.540 + exploit for privilege escalation (26.04.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod