Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		02.11.2009
Source:
SecurityVulns ID:		10367
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MAHARA : mahara 1.0
		JOOMLA : Joomla ProofReader 1.0
CVE:		CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
		CVE-2009-3298 (Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.)

Original document		MustLive, Cross-Site Scripting vulnerability in ProofReader for Joomla (02.11.2009)
		DEBIAN, [SECURITY] [DSA 1924-1] New mahara packages fix several vulnerabilities (02.11.2009)

Discuss:

Read or add your comments to this news (0 comments)

Panda Global Protection / Panda Internet Security weak security permissions updated since 02.11.2009
Published:		12.01.2010
Source:		BUGTRAQ
SecurityVulns ID:		10368
Type:		local
Level:		5/10
Description:		Weak permissions for executable files.

Affected:		PANDA : Panda Global Protection 2010
		PANDA : Panda Internet Security 2010
		PANDA : Panda Antivirus 2010
		PANDA : Panda Security for Business 4.04
		PANDA : Panda Security for Enterprise 4.04
		PANDA : Panda Security for Desktops 4.05
		PANDA : Panda Security for File Servers 8.04

Original document		NSO Research, NSOADV-2010-001: Panda Security Local Privilege Escalation (12.01.2010)
		ShineShadow, Panda Security Software Local Privilege Escalation (12.11.2009)
		Protek Research Lab, {PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability (02.11.2009)

Discuss:

Read or add your comments to this news (0 comments)