Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 08.07.2010
SecurityVulns ID:10978
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:WORXWARE : DCP-Portal 7.0
 MODX : MODx CMF 1.0
 ARTFORMS : ArtForms 2.1
 RUNCMS : RunCMS 2.1
 PLIGG : Pligg 1.0
 EXPONENT : Exponent CMS 0.97
Original document:Andrei Rimsa, Exponent Slideshow XSS Vulnerability (08.07.2010)
 Andrei Rimsa, Pligg Installation File XSS Vulnerability (08.07.2010)
 Andrei Rimsa, RunCMS XSS Vulnerability via User Agent (08.07.2010)
 Salvatore "drosophila" Fresta, ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities (08.07.2010)
 Andrei Rimsa, MODx Installation File XSS Vulnerability (08.07.2010)
 Andrei Rimsa, DCP-Portal Multiple XSS Vulnerabilities (08.07.2010)

lftp file overwrite
SecurityVulns ID:10979
Threat Level:
Description:Downloaded file name in lftpget may be set by server without user confirmation.
Affected:LFTP : lftp 4.0
CVE:CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.)
Original document:MANDRIVA, [ MDVSA-2010:128 ] lftp (08.07.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod