Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.03.2008
Source:
SecurityVulns ID: 8767
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: VHCS : VHCS 2.4
MOINMOIN : MoinMoin 1.5
PHPMYADMIN : phpMyAdmin 2.11
CVE: CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross Site Request Forgery (CSRF) attacks by using crafed cookies.)
CVE-2008-1099
CVE-2008-1098
CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via ".." sequences in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.)
CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.)
CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.)

Original document gmdarkfig_(at)_gmail.com, VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit (10.03.2008)

lovebug_(at)_hotmail.it, PHP-Nuke SQL injection Module "Hadith" [cat] (10.03.2008)

GENTOO, [ GLSA 200803-15 ] phpMyAdmin: SQL injection vulnerability (10.03.2008)

DEBIAN, [SECURITY] [DSA 1514-1] New moin packages fix several vulnerabilities (10.03.2008)

Files: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
Discuss: Read or add your comments to this news (2 comments)

	KPOT_f1nd: Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl) 14.03.2008 2:21:40
	Класс на мирволе...

	mmuller: Quick solution 12.03.2008 5:05:43
	Hi, In case you didn't have this patch. Patch login.php as soon as possible (old bug). ... full text

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)