Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 26.09.2007
Source:
SecurityVulns ID: 8189
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SIMPLEPHPBLOG : SimplePHPBlog 0.4
 NUKESENTINEL : NukeSentinel 2.5
 SIMPGB : SimpGB 1.46
 PROSEARCH : PRO-search 0.17
 SIMPLEPHPBLOG : simplePHPBlog 0.5
 SIMPNEWS : SimpNews 2.41
CVE: CVE-2007-4874
 CVE-2007-4873
 CVE-2007-4872 (SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages.)
Original document: securityresearch_(at)_netvigilance.com, SimpGB version 1.46.02 Information Disclosure Vulnerability (26.09.2007)
 securityresearch_(at)_netvigilance.com, SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities (26.09.2007)
 securityresearch_(at)_netvigilance.com, SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities (26.09.2007)
 securityresearch_(at)_netvigilance.com, SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities (26.09.2007)
 securityresearch_(at)_netvigilance.com, SimpGB version 1.46.02 File Content Disclosure Vulnerability (26.09.2007)
 securityresearch_(at)_netvigilance.com, SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities (26.09.2007)
 securityresearch_(at)_netvigilance.com, SimpNews version 2.41.03 File Content Disclosure Vulnerability (26.09.2007)
 Janek Vind, [waraxe-2007-SA#054] - Local File Inclusion in Dance Music module for phpNuke (26.09.2007)
 Janek Vind, [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11 (26.09.2007)
 luca.carettoni_(at)_securenetwork.it, Simple PHP Blog Multiple Vulnerabilities (26.09.2007)
 MustLive, Vulnerability in PRO-search (26.09.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod