
web application framework

DotNetNuke Default Machine Key Exposure

===========================================================
1. Summary
===========================================================

DotNetNuke (DNN) is an open-source Web Application Framework used to create and deploy websites.  The default web.config files distributed with DNN include an embedded Machine Key value (both ValidationKey and DecryptionKey).  Under certain circumstances these values may not be updated during the installation/upgrade process, resulting in the ability for an attacker to forge arbitrary ASP.NET forms authentication tickets that can then be used to circumvent all security within a DNN installation.  This issue was confirmed to affect the production instance of DNN used on the DNN Homepage (www.dotnetnuke.com).  

The vendor (DotNetNuke Corporation) was notified of this issue on March 3, 2008.  The vendor responded by releasing version 4.8.2 on March 19, 2008 and has also issued a security bulletin (http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx).


===========================================================

Vulnerabilities in Dataface Web Application Framework

Hello Bugtraq!

I want to warn you about security vulnerabilities in Dataface Web
Application Framework.

-----------------------------
Advisory: Vulnerabilities in Dataface Web Application Framework
-----------------------------
URL: http://websecurity.com.ua/4276/
-----------------------------

[SECURITY] [DSA 2239-1] libmojolicious-perl security update

Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4802 CVE-2010-4803 CVE-2011-1841 

Several vulnerabilities have been discovered in Mojolicious, a Perl Web
Application Framework. The link_to helper was affected by cross-site
scripting, and implementation errors in the MD5 HMAC and CGI environment
handling have been corrected.

The oldstable distribution (lenny) doesn't include libmojolicious-perl.


Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities

2. BACKGROUND

Joomla is a free and open source content management system (CMS) for
publishing content on the World Wide Web and intranets. It comprises a
model–view–controller (MVC) Web application framework that can also be
used independently.
Joomla is written in PHP, uses object-oriented programming (OOP)
techniques and software design patterns, stores data in a MySQL
database, and includes features such as page caching, RSS feeds,
printable versions of pages, news flashes, blogs, polls, search, and

Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities

[SECURITY] [DSA 2221-1] Mojolicious security update

Debian-specific: no
CVE ID         : CVE-2011-1589
Debian Bug     : 622952

Viacheslav Tykhanovskyi discovered a directory traversal vulnerability in 
Mojolicious, a Perl Web Application Framework.

The oldstable distribution (lenny) doesn't contain libmojolicious-perl.

For the stable distribution (squeeze), this problem has been fixed in
version 0.999926-1+squeeze1.

Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability

[ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability

Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability

II. BACKGROUND
-------------------------
The Horde Application Framework is a modular, general-purpose web
application framework written in PHP.  It provides an extensive array
of classes that are targeted at the common problems and tasks involved
in developing modern web applications.

III. DESCRIPTION
-------------------------

[ GLSA 200911-01 ] Horde: Multiple vulnerabilities

for arbitrary files to be overwritten and cross-site scripting attacks.

Background
==========

Horde is a web application framework written in PHP.

Affected packages
=================


[ GLSA 200805-01 ] Horde Application Framework: Multiple vulnerabilities

Background
==========

The Horde Application Framework is a general-purpose web application
framework written in PHP, providing classes for handling preferences,
compression, browser detection, connection tracking, MIME and more.

Affected packages
=================


Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability

###################################################################################

####################
1. Description:
####################
        DotNetNuke is an open source web application framework ideal for creating, deploying and managing interactive web, intranet and extranet sites.

####################
2. Vulnerability:
####################
        XSS in "Default.aspx" by appending "/" after the ".aspx" file. Another ".aspx" string must then be used, before "?" or at the end of the URL.

Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities

[SECURITY] [DSA 1470-1] New horde3 packages fix denial of service

Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-6018

Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing
a malformed email inside the Imp client.

This update also provides backported bugfixes to the cross-site 
scripting filter and the user management API from the latest Horde

[SECURITY] [DSA 2259-1] rails security update

Debian-specific: no
CVE ID         : CVE-2009-3086 CVE-2009-4214
Debian Bug     : 545063 558685

Two vulnerabilities were discovered in Ruby on Rails, a web
application framework.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-3086
        The cookie store may be vulnerable to a timing attack,
        potentially allowing remote attackers to forge message

Advisory 01/2009: Horde_Form_Type_image Arbitrary File Overwrite Vulnerability

Overview:

  Quote from http://www.horde.org
  "The Horde Application Framework is a general-purpose web application
   framework in PHP, providing classes for dealing with preferences,
   compression, browser detection, connection tracking, MIME handling,
   and more."

  During an audit of a PHP web application which is based on the Horde
  Application Framework it was discovered that form elements of the type

[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution

Problem type   : remote
Debian-specific: no
Debian bug     : #547318
CVE ID         : CVE-2009-3236

Stefan Esser discovered that Horde, a web application framework providing
classes for dealing with preferences, compression, browser detection,
connection tracking, MIME, and more, insufficiently validates and
escapes user-provided input.  The Horde_Form_Type_image form element
allows a temporary filename to be reused on re-uploads; the filename is
stored in a hidden HTML field and then trusted without prior validation.  An attacker

Joomla! 1.6.0 | SQL Injection Vulnerability

Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability

Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability

[ GLSA 200909-14 ] Horde: Multiple vulnerabilities

or Cross-Site Scripting.

Background
==========

Horde is a web application framework written in PHP. Horde IMP, the
"Internet Messaging Program", is a Webmail module and Horde Passwd is a
password changing module for Horde.

Affected packages
=================



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
