Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		10.03.2008
Source:
SecurityVulns ID:		8767
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		VHCS : VHCS 2.4
		MOINMOIN : MoinMoin 1.5
		PHPMYADMIN : phpMyAdmin 2.11
CVE:		CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross Site Request Forgery (CSRF) attacks by using crafed cookies.)
		CVE-2008-1099
		CVE-2008-1098
		CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via ".." sequences in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.)
		CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.)
		CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.)

Original document		gmdarkfig_(at)_gmail.com, VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit (10.03.2008)
		lovebug_(at)_hotmail.it, PHP-Nuke SQL injection Module "Hadith" [cat] (10.03.2008)
		GENTOO, [ GLSA 200803-15 ] phpMyAdmin: SQL injection vulnerability (10.03.2008)
		DEBIAN, [SECURITY] [DSA 1514-1] New moin packages fix several vulnerabilities (10.03.2008)

Files:		VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
Discuss:		Read or add your comments to this news (2 comments)