Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 10658
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: VBULLETIN : vBulletin 3.8
 Explay : Explay CMS 2.1
 1024CMS : 1024CMS 2.1
 DISCUZ : Discuz! 6.0
 ORACLE : Siebel 7.7
 ORACLE : Siebel 7.8
 IBM : WebSphere Portal 6.1
 IBM : WebSphere Portal 6.0
 IBM : WebSphere Portal 5.1
 IBM : Lotus Web Content Management 6.1
 IBM : Lotus Web Content Management 6.0
 IBM : Lotus Web Content Management 5.1
 IBM : Lotus Quickr services for WebSphere Portal 8.0
 IBM : Lotus Quickr services for WebSphere Portal 8.1
Original document: Ofer Maor, Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM (02.03.2010)
 Yaniv Miron, ARISg5 (version 5.0) cross site scripting vulnerability (02.03.2010)
 Yaniv Miron, Oracle Siebel 7.x CRM Cross Site Scripting Vulnerability (02.03.2010)
 Yaniv Miron, ARISg5 (Version 5.0) Cross Site Scripting Vulnerability (02.03.2010)
 Yaniv Miron, Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities (02.03.2010)
 lis cker, [xss] i found a Cross Site Scripting Vulnerability about Discuz! 'uid' Parameter (02.03.2010)
 Yaniv Miron, Eshbel Priority MarketGate module Cross Site Scripting Vulnerability (02.03.2010)
 admin_(at), 1024CMS Blind SQL Injection Vulnerability (02.03.2010), Explay CMS <= 2.1 SQL Injection Vulnerabilities (02.03.2010)
 MustLive, Vulnerabilities in vBulletin (02.03.2010)

DATEV eG ActiveX code execution
SecurityVulns ID: 10659
Threat Level:
Description: ExecuteExe unsafe method allows code execution.
Affected: DATEV : DVBSExeCall 1.0
CVE: CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.)
Original document: NSO Research, NSOADV-2010-003: DATEV ActiveX Control remote command execution (02.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod