Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		08.05.2008
Source:
SecurityVulns ID:		8972
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. pMachinePro: HTTP Response Splitting

Affected:		VBZOOM : VBZooM 1.11
		SPHIDER : Sphider 1.3
		ZOMPLOG : Zomplog 3.8
		EGROUPWARE : eGroupWare 1.4
		PMACHINEPRO : pMachinePro 2.4
		TUXCMS : tuxcms 0.1
		MVNFORUM : mvnForum 1.1
		ROUNDUP : roundup 1.3
		EZCONTENTS : ezContents CMS 2.0
CVE:		CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.)
		CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in eGroupWare before 1.4.003 allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.)
		CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors.)

Original document		GENTOO, [ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities (08.05.2008)
		hadihadi_zedehal_2006_(at)_yahoo.com, ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities (08.05.2008)
		DEBIAN, [SECURITY] [DSA 1554-2] New roundup packages fix regression (08.05.2008)
		decoder-bugtraq_(at)_own-hero.net, mvnForum 1.1 Cross Site Scripting (08.05.2008)
		hadikiamarsi_(at)_hotmail.com, Multiple XSS In TuxCMS All Version (08.05.2008)
		Cr4zY.CrAcKeR_(at)_hotmail.com, VBZooM <=V1.11 "reply.php" SQL Injection Vulnerability (08.05.2008)
		linux0day_(at)_yahoo.com, Vulnerability in Multiple Web Application (08.05.2008)
		MustLive, Vulnerability in pMachinePro (08.05.2008)

Discuss:

Read or add your comments to this news (0 comments)