Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:11912
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:EZ : eZ Flash Tag Cloud 1.0
 SIT : Support Incident Tracker 3.64
 MANAGEENGINE : ServiceDesk Plus 8.0
 NORTEL : Nortel Contact Recording Centralized Archive 6.5
CVE:CVE-2011-1510 (Cross-site scripting (XSS) vulnerability in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.)
 CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.)
Original document:rgod, Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service (20.09.2011)
 Alexandr Polyakov, [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability (by ERPScan) (20.09.2011)
 Alexandr Polyakov, [DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose (by ERPScan) (20.09.2011)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus (20.09.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in SiT! Support Incident Tracker (20.09.2011)
 MustLive, Update: Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron (20.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod