Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.01.2012
Published: 21.01.2012
Source:
SecurityVulns ID: 12156
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: WEBCALENDAR : Webcalendar 1.2
KNOWLEDGETREE : KnowledgeTree 3.7
APPRAIN : appRain CMF 0.1
DRUPAL : CKEditor 3.6
ONEORZERO : OneOrZero AIMS 2.8
FAMCONNECTIONS : Family Connections 2.7
PHPVIDEOPRO : phpVideoPro 0.9
BEEHIVEFORUM : Beehive Forum 101
BOLTWIRE : BoltWire 3.4
ATUTOR : ATutor 2.0
OPENTTD : OpenTTD 1.0
KAYAKO : Kayako Support Suite 3.70
X3CMS : x3cms 0.4
CVE: CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.)
CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.)
CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.)

Original document security_(at)_infoserve.de, Multiple Cross-Site-Scripting vulnerabilities in x3cms (21.01.2012)

noreply_(at)_ptsecurity.ru, [PT-2011-01] Cross-Site Scripting in Kayako Support Suite (21.01.2012)

noreply_(at)_ptsecurity.ru, [PT-2011-02] PHP code Injection in Kayako Support Suite (21.01.2012)

document noreply_(at)_ptsecurity.ru, [PT-2011-03] Information disclosure in Kayako Support Suite (21.01.2012)

noreply_(at)_ptsecurity.ru, [PT-2011-04] Cross-Site Scripting in Kayako Support Suite (21.01.2012)

DEBIAN, [SECURITY] [DSA 2386-1] openttd security update (21.01.2012)

sschurtz_(at)_darksecurity.de, ATutor 2.0.3 Multiple XSS vulnerabilities (21.01.2012)

document sschurtz_(at)_darksecurity.de, BoltWire 3.4.16 Multiple XSS vulnerabilities (21.01.2012)

sschurtz_(at)_darksecurity.de, phpVideoPro Multiple XSS vulnerabilities (21.01.2012)

sschurtz_(at)_darksecurity.de, Beehive Forum 101 Multiple XSS vulnerabilities (21.01.2012)

tom, Family Connections 2.7.2 Multiple XSS (21.01.2012)

document advisory_(at)_htbridge.ch, XSS in OneOrZero AIMS (21.01.2012)

advisories_(at)_intern0t.net, Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS (21.01.2012)

n0b0d13s_(at)_gmail.com, appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability (21.01.2012)

document tom, Webcalendar 1.2.4 'location' XSS (21.01.2012)

Discuss: Read or add your comments to this news (1 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod