Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 08.04.2007
Source:
SecurityVulns ID: 7543
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: LIVOR : livor 2.5
 CMAILSERVER : CmailServer WebMail 5.3
 WITSHARE : witshare 0.9
CVE: CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.)
 CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.)
 CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.)
 CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.)
Original document: the_3dit0r_(at)_yahoo.com, witshare 0.9 Remote File Include Vulnerabilitiy (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #42] webblizzard CMS - Cross Site Scripting and Session fixation Issues (08.04.2007)
 rko.thelegendkiller_(at)_gmail.com, livor 2.5 Cross-Site Scripting Vulnerability (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #41] onelook courts online - Session fixation Issue (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #40] onelook oboShop - Session fixation Issue (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #39] onelook onebyone CMS - Session fixation Issue (08.04.2007)
 rko.thelegendkiller_(at)_gmail.com, phpContact Multiple Remote File Inclusion Vulnerabilities (08.04.2007)
Files: CmailServer WebMail <= V.5.3.4 (signup) Remote XSS Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod