NCHOVY 인터넷 스톰 센터 xeraph@nchovy.kr National Vulnerability Database http://nchovy.kr/security/cve/CVE-2009-4168 Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter. 2010-03-10T00:00:00+09:00 2010-03-10T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. 2010-03-10T00:00:00+09:00 2010-03-10T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0946 SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. 2010-03-09T00:00:00+09:00 2010-03-09T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0945 SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. 2010-03-09T00:00:00+09:00 2010-03-09T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0944 Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-03-09T00:00:00+09:00 2010-03-09T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0943 Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. 2010-03-09T00:00:00+09:00 2010-03-09T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0942 Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 2010-03-09T00:00:00+09:00 2010-03-09T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0941 Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php. 2010-03-09T00:00:00+09:00 2010-03-09T00:00:00+09:00