Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 8607
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Relay: SQL injection and cross-site scripting.
Affected: PHPBB : phpBB 2.0
 CHERRYPY : CherryPy 3.0
 CANDYPRESS : CandyPress 4.1
CVE: CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in (1) lib/ in CherryPy 3.0.x up to 3.0.2, (2) filter/ in CherryPy 2.1, and (3) filter/ in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.)
Original document: admin_(at), [CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure) (25.01.2008)
 milad_sa2007_(at), Pre Dynamic Institution bypass (25.01.2008)
 milad_sa2007_(at), Pre Hotel and Resorts reservation portal login bypass (25.01.2008)
 milad_sa2007_(at), E-SMART CART bypass (25.01.2008)
 nbbn_(at), phpBB 2.0.22 Remote PM Delete XSRF Vulnerability (25.01.2008)
 RPATH, rPSA-2008-0030-1 CherryPy (25.01.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod