Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 11920
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PUNBB : PunBB 1.3
 S9Y : Serendipity 1.5
 FREEHELPDESK : Help Desk Software 1.1
 AWSTATS : AWStats 6.0
 AWSTATS : AWStats 7.0
 TWIKI : TWiki 5.1
 SECUREURL : secureURL 2.0
 ANELECTRON : Advanced Electron Forums 1.0
 FLYNAX : General Classifieds Software 3.2
 FLYNAX : Auto Classifieds Script 3.2
 FLYNAX : Real Estate Classifieds 3.2
 FLYNAX : Pets Classifieds Software 3.2
 ADAPTCMS : AdaptCMS 2.0
 ICEWARP : IceWarp Mail Server 10.3
CVE: CVE-2011-3645 (Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.)
 CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.)
 CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to in the SlideShowPlugin.)
Original document: Trustwave Advisories, TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server (26.09.2011)
 Amir_(at), PunBB 1.3.6 bug (26.09.2011)
 sschurtz_(at), Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability (26.09.2011)
 sschurtz_(at), AdaptCMS 2.0.1 Multiple security vulnerabilities (26.09.2011)
 Nasel Pentest, Vulnerability found in Flynax Classifieds products (26.09.2011)
 Sohil Garg, [CVE-2011-3645] Multiple vulnerability in "Omnidocs" (26.09.2011)
 YGN Ethical Hacker Group, Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability (26.09.2011)
 Netsparker Advisories, XSS Vulnerabilities in TWiki < 5.1.0 (26.09.2011)
 MustLive, Multiple vulnerabilities in AWStats (26.09.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Help Desk Software (26.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod