Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:06.10.2008
Source:
SecurityVulns ID:9332
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:IFOTO : iFoto 1.0
 CMME : CMME 1.19
 HAMMERSOFTWARE : MetaGauge 1.0
 MONO : Mono 2.0
 PHPWEBEXPLORER : PHPWebExplorer 0.99
CVE:CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.)
 CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.)
Original documentdocumentBrad Antoniewicz, PHPWebExplorer <= 0.09b: Local File Inclusion Vulnerability (06.10.2008)
 documentBrad Antoniewicz, MetaGauge 1.0.0.17 Directory Traversal (06.10.2008)
 documentadmin_(at)_bugreport.ir, CMME Multiple Information disclosure vulnerabilities (06.10.2008)
 documentPepelux, iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability (06.10.2008)
 documentGhost hacker, Website Directory - XSS Exploit (06.10.2008)
Files:Website Directory - XSS Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod