Computer Security

  

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 25.06.2012
Source:
SecurityVulns ID: 12445
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MYBB : Mybb 1.6
 SQUIZ : Squiz Matrix 4.6
 TRAQ : traq 2.3
 WEBATALL : web@all 2.6
 COMMENTICS : Commentics 2.0
 NEWSSCRIPTSPHP : News Script PHP 1.2
 WEBIFY : Webify 6.5
 SWOOPO : Gold Shop 8.4
 ERGON : Airlock 4.2
CVE: CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.)
 CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.)
Original documents:
 SEC Consult Vulnerability Lab, SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass (25.06.2012)
 Vulnerability Lab, Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007 (25.06.2012)
 Vulnerability Lab, [Suspected Spam] Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities (25.06.2012)
 Vulnerability Lab, Webify Product Series - Multiple Web Vulnerabilities (25.06.2012)
 Vulnerability Lab, News Script PHP v1.2 - Multiple Web Vulnerabilites (25.06.2012)
 pereira_(at)_secbiz.de, Commentics 2.0 <= Multiple Vulnerabilities (25.06.2012)
 High-Tech Bridge Security Research, Multiple vulnerabilities in web@all (25.06.2012)
 chin4b0y, Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy (25.06.2012)
 chin4b0y, traq-2.3.5_CSRF_XSS_SQL_INjeCTION_vulns (25.06.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


