Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 26.07.2011
Source:
SecurityVulns ID: 11803
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPMYADMIN : phpMyAdmin 3.3
 MAPSERVER : mapserver 5.6
 PHPMYADMIN : phpMyAdmin 3.4
 VBULLETIN : Vbulletin 4.1
 JOOMLA : Joomla 1.7
 KOHA : Koha Library Software 3.2
 KOHA : Koha Library Software 3.4
 SITRACKER : Support Incident Tracker 3.63
CVE: CVE-2011-2704 (Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.)
 CVE-2011-2703 (Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.)
Original document: DEBIAN, [SECURITY] [DSA 2285-1] mapserver security update (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, PHP-Barcode 0.3pl1 Remote Code Execution (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Zones Web Solution (index.php?manufacturers_id) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Funnel Web (directory.php?cid) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Funnel Web (selected_product.php?t) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Funnel Web (pages.php?page) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, DotComEgypt (products.php?cat_id) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Precision (products.php?cat_id) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Lava (news_item.php?id) (album.php?id) (basket.php?baction) Remote SQL injection Vulnerability (26.07.2011)
 noreply_(at)_ptsecurity.ru, [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker (26.07.2011)
 noreply_(at)_ptsecurity.ru, [PT-2011-05] Cross-Site Scripting in Koha Library Software (26.07.2011)
 High-Tech Bridge Security Research, XSS in Tiki Wiki CMS Groupware (26.07.2011)
 fb1h2s Hack 2 Secure, Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, CobraScripts (search_result.php?cid) Remote SQL injection Vulnerability (26.07.2011)
 h_(at)_xxor.se, phpMyAdmin 3.x Conditional Session Manipulation (26.07.2011)
 spamgoeshere_(at)_stevenroddis.com, phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability (26.07.2011)
 YGN Ethical Hacker Group, Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities (26.07.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod