Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:19.07.2013
Source:
SecurityVulns ID:13213
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:TINYMCE : TinyMCE Image Manager 1.1
 ALKACON : OpenCms 8.5
 REDHAT : JBoss AS Administration Console 1.2
 OPENXCHANGE : Open-Xchange 7.2
CVE:CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.)
 CVE-2013-3734
 CVE-2013-3106 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.)
Original documentdocumentMustLive, Multiple vulnerabilities in Googlemaps plugin for Joomla (19.07.2013)
 documentMustLive, AFU and XSS vulnerabilities in TinyMCE Image Manager (19.07.2013)
 documenti_(at)_amroot.com, CVE-2013-3734 - JBoss AS Administration Console - Password Returned in Later Response (19.07.2013)
 documentOPENXCHANGE, Open-Xchange Security Advisory 2013-06-03 (19.07.2013)
 documentMichal Blaszczak, Voice Logger astTECS - bypass login & arbitrary file download (19.07.2013)
 documentHigh-Tech Bridge Security Research, XSS Vulnerabilities in OpenCms (19.07.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod