Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 11.05.2011
Source:
SecurityVulns ID: 11662
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: POMMO : poMMo 16.1
 CALENDARIX : Calendarix 0.8
 OMFAX : KeyFax 3.2
 APACHE : Struts 2.2
CVE: CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.)
Original documents:
 marian.ventuneac_(at)_gmail.com, Apache Struts 2 Multiple Reflected XSS in XWork error pages (11.05.2011)
 ProCheckUp Research, PR10-17 Various XSS and information disclosure flaws within KeyFax response management system (11.05.2011)
 Patrick Webster, OSI Security: Civica Spydus Library Management System (LMS) - Cross-Site Scripting Vulnerability (11.05.2011)
 High-Tech Bridge Security Research, HTB22975: SQL injection in Calendarix (11.05.2011)
 High-Tech Bridge Security Research, HTB22974: Multiple XSS in Calendarix (11.05.2011)
 High-Tech Bridge Security Research, HTB22977: XSRF (CSRF) in poMMo (11.05.2011)
 High-Tech Bridge Security Research, HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo (11.05.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod