Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.07.2015
Source:
SecurityVulns ID: 14610
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: AXIGEN : Axigen 8.0
 GETSIMPLE : GetSimpleCMS 3.3
 APACHE : Groovy 2.4
 NOVELL : GroupWise 2014
 THAIWEB : ThaiWeb CMS 2015Q3
 XCEEDIUM : Xsuite 2.4
 WORDPRESS : Count Per Day 3.4
 CACTI : cacti 0.8
 OPENWEB : Open-Web-Analytics 1.5
 NETCRACKER : NetCracker 8.0
 KASEYA : Kaseya Virtual System Administrator 9.1
 WORDPRESS : Paid Memberships Pro 1.8
CVE: CVE-2015-5533
 CVE-2015-5532
 CVE-2015-5379
 CVE-2015-4669
 CVE-2015-4664
 CVE-2015-4634 (SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.)
 CVE-2015-3423
 CVE-2015-2878
 CVE-2015-2863 (Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2015-2862 (Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.)
 CVE-2015-2207
Original document: adrian.vollmer_(at)_syss.de, Novell GroupWise 2014 WebAccess vulnerable to XSS attacks (27.07.2015)
 Cedric Champeau, [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure (27.07.2015)
 Pedro Ribeiro, [CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect (27.07.2015)
 lilian_iatco_(at)_yahoo.com, XSS vulnerability in OFBiz forms (27.07.2015)
 Tim, XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5 (27.07.2015)
 Vulnerability Lab, FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability (27.07.2015)
 AXIGEN, CVE-2015-5379: Axigen XSS vulnerability for html attachments (27.07.2015)
 apparitionsec_(at)_gmail.com, Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities (27.07.2015)
 jychia.sec_(at)_gmail.com, NetCracker Resource Management 8.0 - XSS Vulnerability (27.07.2015)
 jychia.sec_(at)_gmail.com, NetCracker Resource Management 8.0 - SQL Injection Vulnerability (27.07.2015)
 DEBIAN, [SECURITY] [DSA 3312-1] cacti security update (27.07.2015)
 High-Tech Bridge Security Research, Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin (27.07.2015)
 High-Tech Bridge Security Research, SQL Injection in Count Per Day WordPress Plugin (27.07.2015)
 modzero security, Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02] (27.07.2015)
 Vulnerability Lab, ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability (27.07.2015)
 DEBIAN, [SECURITY] [DSA 3314-1] typo3-src end of life (27.07.2015)
 apparitionsec_(at)_gmail.com, Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878 (27.07.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod