Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.06.2011
Published:15.06.2011
Source:
SecurityVulns ID:11738
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WEBMIN : Webmin 1.540
 MICROSOFT : Lync Server 2010
CVE:CVE-2011-1937 (Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.)
 CVE-2011-1409 (Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2259-1] fex security update (15.06.2011)
 documentbede_(at)_foofus.net, Javascript Injection in Microsoft Lync 4.0.7577.0 (15.06.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod