Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 19.07.2007
Published:		19.07.2007
Source:
SecurityVulns ID:		7944
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		SIMPLEMACHINES : Simple Machines Forum 1.0
		LEDGERSMB : LedgerSMB 1.2
		INSANELYSIMPLE : Insanely Simple Blog 0.5
		MAILMARSHAL : MailMarshal SMTP 6.2
		GEOBLOG : Geoblog 1
		DOKUWIKI : DokuWiki 2007-06-26
CVE:		CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.)
		CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.)

Original document		Cyrill Brunschwiler, DokuWiki suffers XSS (19.07.2007)
		joseph.giron13_(at)_gmail.com, Geoblog v1 administrator bypass (19.07.2007)
		Gary O'leary-Steele, [Full-disclosure] [Sec-1 Ltd] Advisory: MailMarshal Spam Quarantine Password Retrieval Vulnerability (19.07.2007)
		Chris Travers, Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6 (19.07.2007)
		Chris Travers, Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940 (19.07.2007)
		UBUNTU, [USN-487-1] Dovecot vulnerability (19.07.2007)
		joseph.giron13_(at)_gmail.com, Insanely simple blog - Multiple vulnerabilities (19.07.2007)
		sirn0n_(at)_yahoo.com, LFI On SMF 1.1.3 (19.07.2007)
		Matthew Cook, ExLibris Aleph and Metalib Cross Site Scripting Attack (19.07.2007)

Discuss:

Read or add your comments to this news (0 comments)