Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 24.03.2010
Source:
SecurityVulns ID: 10711
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SPRINGSOURCE : Hyperic HQ 4.0
 SPRINGSOURCE : Hyperic HQ 4.1
 UWCMS : Universal Web CMS 1.0
 INSTANTCMS : Instant CMS 1.1
 PULSECMS : Pulse CMS 1.2
 SPRINGSOURCE : Hyperic HQ 4.2
 OPENCMS : OAMP comments module 1.0
 DISCUZ : Discuz! 7.0
CVE: CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.)
 CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.)
 CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields.")
Original document: lis cker, "$referer" export lead to the cross-site flaws in all versions of Discuz! (24.03.2010)
 SECUNIA, Secunia Research: Pulse CMS Arbitrary File Deletion Vulnerability (24.03.2010)
 Cyrill Brunschwiler, CVE-2009-4505 OpenCMS OAMP Comments Module XSS (24.03.2010)
 s2-security, CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities (24.03.2010)
 SECUNIA, Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability (24.03.2010)
 SECUNIA, Secunia Research: Pulse CMS Arbitrary File Writing Vulnerability (24.03.2010)
 Inj3ct0r.com, Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability (24.03.2010)
 Inj3ct0r.com, Instant CMS <= 1.1rc3 Admin (Auth Bypass) Vulnerability (24.03.2010)
 eidelweiss, Joomla component com_universal <= Remote File Inclusion Vulnerability exploit (24.03.2010)

Microsoft Internet Explorer memory corruption
Published: 24.03.2010
Source:
SecurityVulns ID: 10710
Type: client
Threat Level: 8/10
Description: Memory corruption on XML/HTML processing.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
Original document: k4mr4n_St_(at)_yahoo.com, Internet Explorer 7.0 0day Vulnerability (24.03.2010)
Files: Microsoft IE XML IMG SRC memory corruption

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod