Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:11681
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: APACHE : Struts 2.2
 WORDPRESS : Easy Contact 0.1
 PHPCAPTCHA : PHPCaptcha 2.0
 TWIKI : TWiki 5.0
 ZEACOM : Zeacom Chat Application 5.0
 CUBELABS : PHP Calendar Basic 2.3
CVE: CVE-2011-2088 (XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.)
 CVE-2011-1838 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.)
 CVE-2010-0217 (Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack.)
Original documents: High-Tech Bridge Security Research, HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic (21.05.2011)
 Daniel Clemens, CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability (21.05.2011)
 Netsparker Advisories, XSS vulnerability in TWiki < 5.0.2 (21.05.2011)
 lists_(at), PHPCaptcha / Securimage 2.0.2 - Authentication Bypass - SOS-11-007 (21.05.2011)
 marian.ventuneac_(at), Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure (21.05.2011)
 MustLive, Vulnerabilities in Easy Contact for WordPress (21.05.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod