Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 14.01.2013
Source:
SecurityVulns ID: 12828
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: TINYMCE : TinyBrowser 1.33
 WORDPRESS : Floating Tweets 1.0
 PRIZM : Prizm Content Connect 5.1
 APACHE : CouchDB 1.2
CVE: CVE-2012-5650 (Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
 CVE-2012-5649 (Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.)
 CVE-2012-5641 (Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.)
 CVE-2012-5190
Original document: APACHE, CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash (14.01.2013)
 APACHE, CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI (14.01.2013)
 APACHE, CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows (14.01.2013)
 MustLive, IL, XSS, FPD, AoF, DoS, AFU vulnerabilities in Daily Edition Mouss theme for WordPress (14.01.2013)
 research_(at)_includesecurity.com, Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect (14.01.2013)
 SBV Research, OrangeHRM 2.7.1 Vacancy Name Persistent XSS (14.01.2013)
 MustLive, Multiple vulnerabilities in Floating Tweets for WordPress (14.01.2013)
 MustLive, Multiple vulnerabilities in TinyBrowser (14.01.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod