Affected:
  PHPLIST: phpList 2.10
  FCKEDITOR: FCKeditor 2.6
  LEDGERSMB: LedgerSMB 1.3
  SOCIALENGINE: Social Engine 4.2
  PPBOARD: PBBoard 2.1
  CAKEPHP: CakePHP 2.2
  DIR2WEB: Dir2web 3.0
  OPENCONSTRUCTOR: Openconstructor 3.12
  REDAXO: Redaxo 4.4
  TEKNOPORTAL: tekno.Portal 0.1
  OCPORTAL: ocPortal 7.1

CVE:
  CVE-2012-4070: SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
  CVE-2012-4069: Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.
  CVE-2012-4036: Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.
  CVE-2012-4035: The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
  CVE-2012-4034: Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
  CVE-2012-4000: Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
  CVE-2012-3953: SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
  CVE-2012-3952: Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
  CVE-2012-3869: Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.
Original documents:
  YGN Ethical Hacker Group, ocPortal 7.1.5 <= Open URL Redirection Vulnerability (13.08.2012)
  Chris Travers, Security Advisory in LedgerSMB v1.3.20 and below: Denial of Service vulnerability (13.08.2012)
  X-Cisadane, Social Engine 4 Persistent XSS & Non-Persistent XSS (13.08.2012)
  Socket_0x03_(at)_teraexe.com, Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability (13.08.2012)
  High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Redaxo (13.08.2012)
  lorenzo.cantoni86_(at)_gmail.com, [CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scripting vulnerabilities (13.08.2012)
  lorenzo.cantoni86_(at)_gmail.com, [CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability (13.08.2012)
  lorenzo.cantoni86_(at)_gmail.com, [CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities (13.08.2012)
  Daniel Correa, Dir2web3 Multiple Vulnerabilities (13.08.2012)
  Vulnerability Lab, Joomla com_package - SQL Injection Vulnerability (13.08.2012)
  Vulnerability Lab, Joomla com_photo - SQL Injection Vulnerability (13.08.2012)
  Vulnerability Lab, Inout Mobile Webmail APP - Multiple Web Vulnerabilities (13.08.2012)
  Vulnerability Lab, iAuto Mobile Application 2012 - Multiple Web Vulnerabilities (13.08.2012)
  Multiple vulnerabilities in PBBoard, Multiple vulnerabilities in PBBoard (13.08.2012)
  DEBIAN, [SECURITY] [DSA 2522-1] fckeditor security update (13.08.2012)
  High-Tech Bridge Security Research, Multiple Vulnerabilities in phpList (13.08.2012)
  MustLive, XXE Injection in CakePHP and Squiz CMS (13.08.2012)
  MustLive, Zend Framework - Local file disclosure via XXE injection (13.08.2012)