Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:12.04.2011
Source:
SecurityVulns ID:11576
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WORDPRESS : The Gazette Edition 2.9
 IKIWIKI : ikiwiki 3.0
 ELXISCMS : eForum 1.1
CVE:CVE-2011-1401 (ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.)
Original documentdocumentby_argos_(at)_hotmail.com, Arbitary File Upload Vulnerability in Elxis CMS component eForum v1.1 (12.04.2011)
 documentDEBIAN, [SECURITY] [DSA 2214-1] ikiwiki security update (12.04.2011)
 documentMustLive, Уязвимости в теме The Gazette Edition для WordPress (12.04.2011)

ISC DHCP dhclient DHCP client shell unfiltered characters vulnerability
updated since 12.04.2011
Published:16.11.2011
Source:
SecurityVulns ID:11577
Type:client
Threat Level:
7/10
Description:Shell characters vulnerability on server options processing.
Affected:APPLE : Apple Airport
 ISC : dhcp 4.1
 APPLE : Apple Time Capsule
CVE:CVE-2011-0997 (dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.)
Original documentdocumentAPPLE, APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 (16.11.2011)
 documentDEBIAN, [SECURITY] [DSA 2216-1] isc-dhcp security update (12.04.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod