Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 18.12.2008

Published: 19.12.2008
Source:
SecurityVulns ID: 9528
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Phpclanwebsite: multiple directory traversals, multiple SQL injections, multiple cross-site scripting issues,

Affected:
JOOMLA : Joomla 1.5
PHPCLANWEBSITE : Phpclanwebsite 2.12
LITTLECMS : LittleCMS 1.16

CVE:
CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.)
CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.)