Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:26.12.2008
Source:
SecurityVulns ID:9546
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:VBULLETIN : Personal Sticky Threads 1.0
 NAGIOS : nagios 2.11
CVE:CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.)
 CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.)
Original documentdocumentxl4nothing_(at)_gmail.com, Personal Sticky Threads v1.0.3c vbulletin Add-on problem (26.12.2008)
 documentlovebug_(at)_hotmail.it, joomla com_lowcosthotels sql injection (26.12.2008)
 documentr3d.w0rm_(at)_yahoo.com, PHP-Fusion Mod TI - Blog System Sql Injection (26.12.2008)
Files:Exploits joomla com_lowcosthotels sql injection

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod