Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 08.05.2008
Source:
SecurityVulns ID: 8972
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. pMachinePro: HTTP Response Splitting
Affected: VBZOOM : VBZooM 1.11
 SPHIDER : Sphider 1.3
 ZOMPLOG : Zomplog 3.8
 EGROUPWARE : Egroupware 1.4
 PMACHINEPRO : pMachinePro 2.4
 TUXCMS : tuxcms 0.1
 MVNFORUM : mvnForum 1.1
 ROUNDUP : roundup 1.3
 EZCONTENTS : ezContents CMS 2.0
CVE: CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.)
 CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in eGroupWare before 1.4.003 allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.)
 CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors.)
Original document: GENTOO, [ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities (08.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities (08.05.2008)
 DEBIAN, [SECURITY] [DSA 1554-2] New roundup packages fix regression (08.05.2008)
 decoder-bugtraq_(at)_own-hero.net, mvnForum 1.1 Cross Site Scripting (08.05.2008)
 hadikiamarsi_(at)_hotmail.com, Multiple XSS In TuxCMS All Version (08.05.2008)
 Cr4zY.CrAcKeR_(at)_hotmail.com, VBZooM <=V1.11 "reply.php" SQL Injection Vulnerability (08.05.2008)
 linux0day_(at)_yahoo.com, Vulnerability in Multiple Web Application (08.05.2008)
 MustLive, Vulnerability in pMachinePro (08.05.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod