Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.03.2010
Source:
SecurityVulns ID: 10703
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: KLONEWS : KloNews 2.0
 DREAMHOST : DreamHost 2.3
 VBULLETIN : vBulletin 4.0
 FLEXCMS : Flex CMS 2.5
 PHPWIND : PHPWind 6.0
Original document: lis cker, There are lost of xss vul in PHPWind v6.0 ! (21.03.2010)
 MustLive, Vulnerabilities in CaptchaSecurityImages (21.03.2010)
 Inj3ct0r.com, Flex CMS <= 2.5 (index.php)Blind SQL Injection Vulnerability (21.03.2010)
 Inj3ct0r.com, Vbulletin 4.0.2 XSS Vulnerability (21.03.2010)
 Inj3ct0r.com, DreamHost <= && > 2.3 global Inj3ct0r/Xss/Local inc Multiple Exploit (21.03.2010)
 Inj3ct0r.com, KloNews <= 2.0 Cross-Site Scripting (XSS) Vulnerability (21.03.2010)

PHP DoS
Published: 21.03.2010
Source:
SecurityVulns ID: 10704
Type: library
Threat Level: 6/10
Description: Crash on XML-RPC requests processing.
Affected: PHP : PHP 5.2
 PHP : PHP 5.3
CVE: CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.)
Original document: DEBIAN, [SECURITY] [DSA-2018-1] New php5 packages fix null pointer dereference (21.03.2010)

IBM Lotus Domino response splitting
updated since 21.03.2010
Published: 23.03.2010
Source:
SecurityVulns ID: 10705
Type: remote
Threat Level: 5/10
Description: Response splitting via POST request to /names.nsf, cross-site scripting.
Original document: Yaniv Miron, IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability (23.03.2010)
 Yaniv Miron, IBM Lotus 6.x HTTP Response Splitting Vulnerability (21.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod