Computer Security
[EN] no-pyccku

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:11273
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:4HOMEPAGES : 4images 1.7
 DIFERIOR : Diferior 8.03
 JQUERY : jQuery Lightweight Rich Text Editor 1.2
Original documentdocumentu6q_(at), SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X (30.11.2010)
 documentHigh-Tech Bridge Security Research, Stored XSS (Cross Site Scripting) vulnerability in Diferior (30.11.2010)

HP LaserJet Multi Functional Devices unauthorized access
updated since 18.11.2010
SecurityVulns ID:11261
Threat Level:
Description:Unauthorized files access is possible.
Affected:HP : LaserJet 4100
 HP : LaserJet 4200
 HP : LaserJet 4300
 HP : LaserJet 5100
 HP : LaserJet 8510
 HP : LaserJet 9000
CVE:CVE-2010-4107 (The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.)
Original documentdocumentsecurity_(at), n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface (30.11.2010)
 documentHP, [security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files (18.11.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod