Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.04.2009
Source:
SecurityVulns ID: 9808
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Openads: code execution

Affected: OPENADS : Openads 2.4
HORDE : Horde 3.2
EXJUNE : Exjune Guestbook 2
ADAPTBB : AdaptBB 1.0
GEEKLOG : Geeklog 1.5
LGASOFT : SASPCMS 0.9
NET2FTP : net2ftp 0.97
CVE: CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.)
CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.)
CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.)

Original document c1c4tr1z_(at)_voodoo-labs.org, net2ftp <= 0.97 Cross-Site Scripting/Request Forgery (10.04.2009)

Matthew Dempsky, Adgregate ShopAd widget validation is vulnerable to replay attack (10.04.2009)

admin_(at)_bugreport.ir, SASPCMS Multiple Vulnerabilities (10.04.2009)

Salvatore "drosophila" Fresta, AdaptBB 1.0 Beta Multiple Remote Vulnerabilities (10.04.2009)

document rgod, Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability (10.04.2009)

rgod, Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit (10.04.2009)

alphanix00_(at)_gmail.com, Exjune Guestbook v2 Remote Database Disclosure Exploit (10.04.2009)

MustLive, Code Execution vulnerability in Openads (10.04.2009)

Files: Exjune Guestbook v2 Remote Database Disclosure Exploit
Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server