Computer Security
[EN] no-pyccku

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:12471
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:APACHE : Hadoop 2.0
 APACHE : Sling 2.1
 BOOKNUX : BookNux 0.2
 FLOGR : Flogr 1.7
CVE:CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.)
 CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.)
Original documentdocumentBlack Hat, PHP NUKE ALL VERSION MULTI VULNERABILITY (11.07.2012)
 documentBlack Hat, NDTV Cross Site Scripting Vulnerabilitiy (11.07.2012)
 documentBlack Hat, Joomla Board All Version Sql Vulnerability (11.07.2012)
 documentBlack Hat, Arasism Remote Command Upload Vulnerability (11.07.2012)
 documentBlack Hat, Gharine Cross Site Scripting Vulnerabilitiy (11.07.2012)
 documentBlack Hat, Flogr V1.7 Xss Vulnerability (11.07.2012)
 documentBlack Hat, Behsamanco CMS Editor Vulnerability (11.07.2012)
 documentpereira_(at), BookNux 0.2 <= Multiple Vulnerabilities (11.07.2012)
 documentAPACHE, [SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability (11.07.2012)
 documentAaron T. Myers, [CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability (11.07.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod