Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:26.02.2008
Source:
SecurityVulns ID:8719
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:HORDE : turba 2.0
 WORDPRESS : Sniplets 1.1 plugin for Wordpress
 PAGETOOL : Pagetool 1.07
CVE:CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1507-1] New turba2 packages fix permission testing (26.02.2008)
 documentturkish-warrorr_(at)_hotmail.com, Powered by Pagetool Ver (1.04-05-06-07) (26.02.2008)
 documentnbbn_(at)_gmx.net, Wordpress Plugin Sniplets 1.1.2 Multiple Vulnerabilities (26.02.2008)
 documentno-reply_(at)_aria-security.net, Aria-Security.Net: Joomla Com_publication "pid" Remote SQL Injection (26.02.2008)
 documentnnposter_(at)_disclosed.not, Packeteer Products File Listing XSS (26.02.2008)
 documentnnposter_(at)_disclosed.not, Alkacon OpenCms tree_files.jsp resource XSS (26.02.2008)
 documentHamza Almersoumi, Softbiz jokes and funny pictures (index.php) sql injection (26.02.2008)
 documentno-reply_(at)_aria-security.net, Php Nuke "Sell" module SQL Injection ("cid") (26.02.2008)
 documentno-reply_(at)_aria-security.net, Pigyard Art Gallery Multiple SQL Injection (26.02.2008)
 documentno-reply_(at)_aria-security.net, Joomla com_inter "id" Remote SQL Injection (26.02.2008)
 documentno-reply_(at)_aria-security.net, Joomla Com_blog "pid" Remote SQL Injection (26.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla com_simpleshop SQL Injection(section) # (26.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla com_wines SQL Injection(id) (26.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla com_garyscookbook SQL Injection(id) (26.02.2008)
 documentno-reply_(at)_aria-security.net, Joomla com_stat "id" Remote SQL Injection (26.02.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod