Computer Security
[EN] securityvulns.ru



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 26.02.2008
Source:
SecurityVulns ID: 8719
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: HORDE : turba 2.0
 WORDPRESS : Sniplets 1.1 plugin for Wordpress
 PAGETOOL : Pagetool 1.07
CVE: CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.)
Original document:
 DEBIAN, [SECURITY] [DSA 1507-1] New turba2 packages fix permission testing (26.02.2008)
 turkish-warrorr_(at)_hotmail.com, Powered by Pagetool Ver (1.04-05-06-07) (26.02.2008)
 nbbn_(at)_gmx.net, Wordpress Plugin Sniplets 1.1.2 Multiple Vulnerabilities (26.02.2008)
 no-reply_(at)_aria-security.net, Aria-Security.Net: Joomla Com_publication "pid" Remote SQL Injection (26.02.2008)
 nnposter_(at)_disclosed.not, Packeteer Products File Listing XSS (26.02.2008)
 nnposter_(at)_disclosed.not, Alkacon OpenCms tree_files.jsp resource XSS (26.02.2008)
 Hamza Almersoumi, Softbiz jokes and funny pictures (index.php) sql injection (26.02.2008)
 no-reply_(at)_aria-security.net, Php Nuke "Sell" module SQL Injection ("cid") (26.02.2008)
 no-reply_(at)_aria-security.net, Pigyard Art Gallery Multiple SQL Injection (26.02.2008)
 no-reply_(at)_aria-security.net, Joomla com_inter "id" Remote SQL Injection (26.02.2008)
 no-reply_(at)_aria-security.net, Joomla Com_blog "pid" Remote SQL Injection (26.02.2008)
 hackturkiye.hackturkiye_(at)_gmail.com, joomla com_simpleshop SQL Injection(section) # (26.02.2008)
 hackturkiye.hackturkiye_(at)_gmail.com, joomla com_wines SQL Injection(id) (26.02.2008)
 hackturkiye.hackturkiye_(at)_gmail.com, joomla com_garyscookbook SQL Injection(id) (26.02.2008)
 no-reply_(at)_aria-security.net, Joomla com_stat "id" Remote SQL Injection (26.02.2008)
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


