Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 11.03.2013
Source:
SecurityVulns ID: 12944
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
  MNOGOSEARCH : mnoGoSearch 3.3
  WORDPRESS : WordPress 3.3
  QUESTION2ANSWER : Question2Answer 1.5
  WORDPRESS : Count-Per-Day 3.2
  COSCMS : CosCms 1.721
  WORDPRESS : Events Manager 5.3
  APACHE : FileUpload 1.2
  DALIM : DALIM Dialog Server 6.0
  GWOS : GroundWork Monitor 6.7
  SWFUPLOAD : SWFUpload 2.2
CVE:
  CVE-2013-2501 (Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.)
  CVE-2013-1668 (The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.)
  CVE-2013-1413 (Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2, when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
  CVE-2013-1407 (Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4) user_email, or (5) booking_comment parameter to an event with registration enabled; or the (6) _wpnonce parameter to wp-admin/edit.php.)
Original documents:
  MustLive, AoF, IAA and CSRF vulnerabilities in Question2Answer (11.03.2013)
  MustLive, Exploit for stealing admin's account in Question2Answer (11.03.2013)
  MustLive, CS and XSS vulnerabilities in SWFUpload (11.03.2013)
  Emmanuel FARCY, Stored XSS in Terillion Reviews Wordpress Plugin (11.03.2013)
  SEC Consult Vulnerability Lab, SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2) (11.03.2013)
  SEC Consult Vulnerability Lab, SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1) (11.03.2013)
  ddivulnalert_(at)_ddifrontline.com, DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion (11.03.2013)
  APACHE, [SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples (11.03.2013)
  High-Tech Bridge Security Research, Multiple XSS vulnerabilities in Events Manager WordPress plugin (11.03.2013)
  High-Tech Bridge Security Research, OS Command Injection in CosCms (11.03.2013)
  noreply_(at)_ptsecurity.ru, [PT-2013-17] Arbitrary Files Reading in mnoGoSearch (11.03.2013)
  alejandr0.m0f0_(at)_gmail.com, WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS) (11.03.2013)
  stephan.rickauer_(at)_csnc.ch, CVE-2013-1413 (11.03.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod