Computer Security
[EN] no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:8972
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. pMachinePro: HTTP Response Splitting
Affected:VBZOOM : VBZooM 1.11
 SPHIDER : Sphider 1.3
 ZOMPLOG : Zomplog 3.8
 EGROUPWARE : Egroupware 1.4
 PMACHINEPRO : pMachinePro 2.4
 TUXCMS : tuxcms 0.1
 MVNFORUM : mvnForum 1.1
 ROUNDUP : roundup 1.3
 EZCONTENTS : ezContents CMS 2.0
CVE:CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.)
 CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/ in eGroupWare before 1.4.003 allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.)
 CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors.)
Original documentdocumentGENTOO, [ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities (08.05.2008)
 documenthadihadi_zedehal_2006_(at), ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities (08.05.2008)
 documentDEBIAN, [SECURITY] [DSA 1554-2] New roundup packages fix regression (08.05.2008)
 documentdecoder-bugtraq_(at), mvnForum 1.1 Cross Site Scripting (08.05.2008)
 documenthadikiamarsi_(at), Multiple XSS In TuxCMS All Version (08.05.2008)
 documentCr4zY.CrAcKeR_(at), VBZooM <=V1.11 "reply.php" SQL Injection Vulnerability (08.05.2008)
 documentlinux0day_(at), Vulnerability in Multiple Web Application (08.05.2008)
 documentMustLive, Vulnerability in pMachinePro (08.05.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod