Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.12.2008
Published: 19.12.2008
Source:
SecurityVulns ID: 9528
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Phpclanwebsite: multiple directory traversals, multiple SQL injections, multiple cross-site scripting vulnerabilities.
Affected: JOOMLA : Joomla 1.5
 PHPCLANWEBSITE : Phpclanwebsite 2.12
 LITTLECMS : LittleCMS 1.16
CVE: CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.)
 CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.)
Original documents: Ehsan_Hp200_(at)_hotmail.com, EasySiteNetwork (joke.php?id) Remote SQL injection Vulnerability (18.12.2008)
 UBUNTU, [USN-693-1] LittleCMS vulnerability (18.12.2008)
 Hanno Bock, Joomla: Session hijacking vulnerability, CVE-2008-4122 (18.12.2008)
 S4aVRd0w, Multiple vulnerabilities in Phpclanwebsite <= 1.23.3 Fix Pack #5 (18.12.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod