securityvulns.ru
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.02.2012
Source:
SecurityVulns ID: 12182
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: BUGZILLA : Bugzilla 3.5
 BUGZILLA : Bugzilla 3.6
 BUGZILLA : Bugzilla 3.7
 ZENPHOTO : ZENphoto 1.4
 PHPLDAPADMIN : phpLDAPadmin 1.2
 BUGZILLA : Bugzilla 4.1
 CYBEROAM : Cyberoam Central Console 2.00
 EFRONTLEARNING : eFronts Community++ 3.6
 BATAVI : Batavi 1.1
 APACHE : CXF 2.4
 APACHE : CXF 2.5
 SIMPLEGROUPWARE : SimpleGroupware 0.742
 BUGZILLA : Bugzilla 4.2
 BUGZILLA : Bugzilla 4.0
 MIBEW : mibew messenger 1.6
 POSTFIXADMIN : postfixadmin 2.3
 OSCLASS : OSClass 2.3
 DLCASSIFIEDS : DClassifieds 0.1
 WORDPRESS : WordPress 3.3
 WORDPRESS : Kish Guest Posting Plugin 1.0
 BIGWARE : Bigware shop 2.14
 SOLARWINDS : SolarWinds Storage Manager Server 5.1
 WORDPRESS : AllWebMenus 1.1
CVE: CVE-2012-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INFO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php.)
 CVE-2012-0994 (SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.)
 CVE-2012-0993 (Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.)
 CVE-2012-0803
 CVE-2012-0448 (Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address.)
Original documents: pavel_(at)_6scan.com, AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload (13.02.2012)
 ddivulnalert_(at)_ddifrontline.com, DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass (13.02.2012)
 research_(at)_vulnerability-lab.com, Bart`s CMS - SQL Injection Vulnerability (13.02.2012)
 rwenzel_(at)_dw-itsecurity.de, SQL injection in Bigware shop software (13.02.2012)
 n0b0d13s_(at)_gmail.com, Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability (13.02.2012)
 Trustwave Advisories, TWSL2012-002: Multiple Vulnerabilities in WordPress (13.02.2012)
 advisory_(at)_htbridge.ch, CSRF (Cross-Site Request Forgery) in DClassifieds (13.02.2012)
 advisory_(at)_htbridge.ch, Multiple vulnerabilities in OSclass (13.02.2012)
 Filippo Cavallarin, Mibew messenger multiple XSS (13.02.2012)
 Filippo Cavallarin, Multiple vulnerabilities in postfixadmin (13.02.2012)
 Filippo Cavallarin, Multiple vulnerabilities in OSClass (13.02.2012)
 LpSolit_(at)_gmail.com, Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14 (13.02.2012)
 advisory_(at)_htbridge.ch, Multiple vulnerabilities in OpenEMR (13.02.2012)
 andsarmiento_(at)_gmail.com, XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge) (13.02.2012)
 security_(at)_infoserve.de, SimpleGroupware 0.742 Cross-Site-Scripting vulnerability (13.02.2012)
 APACHE, CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly (13.02.2012)
 Netsparker Advisories, SQL Injection Vulnerability in Batavi 1.1.2 (13.02.2012)
 research_(at)_vulnerability-lab.com, eFronts Community++ v3.6.10 - Cross Site Vulnerability (13.02.2012)
 research_(at)_vulnerability-lab.com, Cyberoam Central Console v2.00.2 - File Include Vulnerability (13.02.2012)
 advisory_(at)_htbridge.ch, Multiple vulnerabilities in ZENphoto (13.02.2012)
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod