Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 01.10.2012
Source:
SecurityVulns ID: 12598
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: JOOMLA : Joomla 2.5
 WORDPRESS : Wordpress Download Monitor 3.3
 MICROCART : Microcart 1.0
 WORDPRESS : MF Gig Calendar 0.9
 OSSECWUI : ossec-wui 0.3
 ATLASSIAN : Confluence 3.0
CVE: CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.)
 CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.)
 CVE-2012-4241 (Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or (2) query string to _admin/index.php or (3) first_name, (4) last_name, (5) cc, (6) exp, (7) cvv, (8) address1, (9) address2, (10) city, (11) state, (12) zip, (13) phone, or (14) email parameter to checkout.php, which is not properly handled in an error message.)
Original document: sschurtz_(at)_darksecurity.de, Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities (01.10.2012)
 Robert Gilbert, [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities (01.10.2012)
 A. Ramos, XSS in OSSEC wui 0.3 (01.10.2012)
 Joseph Sheridan, Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability (01.10.2012)
 Joseph Sheridan, Microcart 1.0 _Admin Cross-Site Scripting Security Vulnerability (01.10.2012)
 Joseph Sheridan, MF Gig Calendar Wordpress Plugin - Cross-Site Scripting (01.10.2012)
 Joseph Sheridan, Wordpress Download Monitor - Download Page Cross-Site Scripting (01.10.2012)
 MustLive, Multiple vulnerabilities in IFOBS (01.10.2012)
 MustLive, BF and XSS vulnerabilities in IFOBS (01.10.2012)
 MustLive, CSRF and XSS vulnerabilities in IFOBS (01.10.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod