Computer Security
[EN] securityvulns.ru

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.03.2007
Source: BUGTRAQ
SecurityVulns ID: 7474
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: XOOPS : xoops 2.0
 WORDPRESS : WordPress 2.1
 CCCONUNTER : CcCounter 2.0
 HORDE : Horde 1.0
 CYPHERSTRUST : Ironmail 6.1
CVE: CVE-2007-1769 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-1873. Reason: This candidate is a duplicate of CVE-2007-1873. Notes: All CVE users should reference CVE-2007-1873 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment.)
 CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6])
 CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter.)
 CVE-2007-1679 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages.)
Original document:
 UniquE_(at)_UniquE-Key.Org, Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC (27.03.2007)
 Javier Olascoaga, Multiple XSS in IronMail (27.03.2007)
 stormhacker_(at)_hotmail.com, Satel Lite for PhpNuke (Satellite.php) <= Local File Inclusion (27.03.2007)
 CrYpTiC MauleR, Fizzle : Firefox Extension Vulnerability (27.03.2007)
 Sergey Tikhonov, Mephisto blog is vulnerable to XSS (27.03.2007)
 Hackers Center Security Group, Horde Webmail Multiple HTML Injection vulnerability (27.03.2007)
 lj_(at)_subjectzero.net, Path Disclosure - Wordpress 2.1.2 (27.03.2007)
 Crackers_Child, CcCounter 2.0 cross-site scripting vulnerability (27.03.2007)
Files: Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit
© SecurityVulns, 3APA3A, Vladimir Dubrovin