Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 30.08.2011
Source:
SecurityVulns ID: 11881
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: JOOMLA : JCE Joomla Extension 2.0
 LIFESIZEROOM : LifeSize Room 3.5
 LIFESIZEROOM : LifeSize Room 4.7
 AXWAY : SecureTransport 4.8
 IBM : IBM Open Admin Tool 2.27
CVE: CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.)
 CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php.)
Original documents:
 Ehsan_Hp200_(at)_hotmail.com, webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability (30.08.2011)
 sk, XSS in IBM Open Admin Tool (30.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability (30.08.2011)
 Jose Carlos de Arriba, [Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting (30.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, phpWebSite (publisher) Remote SQL injection Vulnerability (30.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Fabio Rispoli (prodotto.php?id) Remote SQL injection Vulnerability (30.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Marketing & Development (prodotto.php?cat) Remote SQL injection Vulnerability (30.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability (30.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability (30.08.2011)
 ddivulnalert_(at)_ddifrontline.com, DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal (30.08.2011)
 smcintyre_(at)_securestate.net, LifeSize Room Vulnerabilities (30.08.2011)
 admin_(at)_bugreport.ir, JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities (30.08.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod