Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 19.07.2007
Published: 19.07.2007
Source:
SecurityVulns ID: 7944
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SIMPLEMACHINES : Simple Machines Forum 1.0
 LEDGERSMB : LedgerSMB 1.2
 INSANELYSIMPLE : Insanely Simple Blog 0.5
 MAILMARSHAL : MailMarshal SMTP 6.2
 GEOBLOG : Geoblog 1
 DOKUWIKI : DokuWiki 2007-06-26
CVE: CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.)
 CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.)
Original document: Cyrill Brunschwiler, DokuWiki suffers XSS (19.07.2007)
 joseph.giron13_(at)_gmail.com, Geoblog v1 administrator bypass (19.07.2007)
 Gary O'leary-Steele, [Full-disclosure] [Sec-1 Ltd] Advisory: MailMarshal Spam Quarantine Password Retrieval Vulnerability (19.07.2007)
 Chris Travers, Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6 (19.07.2007)
 Chris Travers, Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940 (19.07.2007)
 UBUNTU, [USN-487-1] Dovecot vulnerability (19.07.2007)
 joseph.giron13_(at)_gmail.com, Insanely simple blog - Multiple vulnerabilities (19.07.2007)
 sirn0n_(at)_yahoo.com, LFI On SMF 1.1.3 (19.07.2007)
 Matthew Cook, ExLibris Aleph and Metalib Cross Site Scripting Attack (19.07.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod