Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.01.2012
Published: 21.01.2012
Source:
SecurityVulns ID: 12156
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WEBCALENDAR : Webcalendar 1.2
 KNOWLEDGETREE : KnowledgeTree 3.7
 APPRAIN : appRain CMF 0.1
 DRUPAL : CKEditor 3.6
 ONEORZERO : OneOrZero AIMS 2.8
 FAMCONNECTIONS : Family Connections 2.7
 PHPVIDEOPRO : phpVideoPro 0.9
 BEEHIVEFORUM : Beehive Forum 101
 BOLTWIRE : BoltWire 3.4
 ATUTOR : ATutor 2.0
 OPENTTD : OpenTTD 1.0
 KAYAKO : Kayako Support Suite 3.70
 X3CMS : x3cms 0.4
CVE: CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.)
 CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.)
 CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.)
Original document: security_(at)_infoserve.de, Multiple Cross-Site-Scripting vulnerabilities in x3cms (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-01] Cross-Site Scripting in Kayako Support Suite (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-02] PHP code Injection in Kayako Support Suite (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-03] Information disclosure in Kayako Support Suite (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-04] Cross-Site Scripting in Kayako Support Suite (21.01.2012)
 DEBIAN, [SECURITY] [DSA 2386-1] openttd security update (21.01.2012)
 sschurtz_(at)_darksecurity.de, ATutor 2.0.3 Multiple XSS vulnerabilities (21.01.2012)
 sschurtz_(at)_darksecurity.de, BoltWire 3.4.16 Multiple XSS vulnerabilities (21.01.2012)
 sschurtz_(at)_darksecurity.de, phpVideoPro Multiple XSS vulnerabilities (21.01.2012)
 sschurtz_(at)_darksecurity.de, Beehive Forum 101 Multiple XSS vulnerabilities (21.01.2012)
 tom, Family Connections 2.7.2 Multiple XSS (21.01.2012)
 advisory_(at)_htbridge.ch, XSS in OneOrZero AIMS (21.01.2012)
 advisories_(at)_intern0t.net, Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS (21.01.2012)
 n0b0d13s_(at)_gmail.com, appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability (21.01.2012)
 tom, Webcalendar 1.2.4 'location' XSS (21.01.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


