Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 17.06.2011
SecurityVulns ID: 11739
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MYBLOGGIE : myBloggie 2.1
 E107 : e107 0.7
 JFREE : JFreeChart 1.0
 NAGIOS : nagios 3.2
 REDMINE : redmine 1.0
 MINIBLOG : miniblog 1.0
 NETWORK13 : N-13 News 4.0
 ICINGA : icinga 1.4
 EQDKP : EQDKP Plus 0.6
 MOVABLETYPE : movabletype 4.3
CVE: CVE-2011-2179 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.)
 CVE-2011-1523 (Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.)
Original document: DEBIAN, [SECURITY] [DSA 2261-1] redmine security update (19.06.2011)
 DEBIAN, [SECURITY] [DSA 2263-1] movabletype-opensource security update (19.06.2011)
 info_(at), myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique (19.06.2011)
 Patrick Webster, JFreeChart - Path Disclosure vulnerability (19.06.2011)
 iPower N/A, EQDKP plus Cross Site Scripting and Bypass file extension (19.06.2011)
 DEBIAN, [SECURITY] [DSA 2262-1] moodle security update (19.06.2011)
 High-Tech Bridge Security Research, HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS (17.06.2011)
 High-Tech Bridge Security Research, HTB23008: Multiple XSS & CSRF (Cross-Site Request Forgery) in miniblog (17.06.2011)
 High-Tech Bridge Security Research, HTB23005: Multiple XSS in N-13 News (17.06.2011)
 High-Tech Bridge Security Research, HTB23004: Multiple Vulnerabilities in e107 (17.06.2011)
 High-Tech Bridge Security Research, HTB23012: Gogago YouTube Video Converter ActiveX Control "Download()" Buffer Overflow Vulnerability (17.06.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod