Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 11881
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: JOOMLA : JCE Joomla Extension 2.0
 LIFESIZEROOM : LifeSize Room 3.5
 LIFESIZEROOM : LifeSize Room 4.7
 AXWAY : SecureTransport 4.8
 IBM : IBM Open Admin Tool 2.27
CVE: CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.)
 CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php.)
Original document: Ehsan_Hp200_(at), webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability (30.08.2011)
 sk, XSS in IBM Open Admin Tool (30.08.2011)
 Ehsan_Hp200_(at), bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability (30.08.2011)
 Jose Carlos de Arriba, [Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting (30.08.2011)
 Ehsan_Hp200_(at), phpWebSite (publisher) Remote SQL injection Vulnerability (30.08.2011)
 Ehsan_Hp200_(at), Fabio Rispoli (prodotto.php?id) Remote SQL injection Vulnerability (30.08.2011)
 Ehsan_Hp200_(at), Marketing & Development (prodotto.php?cat) Remote SQL injection Vulnerability (30.08.2011)
 Ehsan_Hp200_(at), Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability (30.08.2011)
 Ehsan_Hp200_(at), Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability (30.08.2011)
 ddivulnalert_(at), DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal (30.08.2011)
 smcintyre_(at), LifeSize Room Vulnerabilities (30.08.2011)
 admin_(at), JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities (30.08.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod