Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:10.04.2009
Source:
SecurityVulns ID:9808
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Openads: code execution
Affected:OPENADS : Openads 2.4
 HORDE : Horde 3.2
 EXJUNE : Exjune Guestbook 2
 ADAPTBB : AdaptBB 1.0
 GEEKLOG : Geeklog 1.5
 LGASOFT : SASPCMS 0.9
 NET2FTP : net2ftp 0.97
CVE:CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.)
 CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.)
 CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.)
Original documentdocumentc1c4tr1z_(at)_voodoo-labs.org, net2ftp <= 0.97 Cross-Site Scripting/Request Forgery (10.04.2009)
 documentMatthew Dempsky, Adgregate ShopAd widget validation is vulnerable to replay attack (10.04.2009)
 documentadmin_(at)_bugreport.ir, SASPCMS Multiple Vulnerabilities (10.04.2009)
 documentSalvatore "drosophila" Fresta, AdaptBB 1.0 Beta Multiple Remote Vulnerabilities (10.04.2009)
 documentrgod, Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability (10.04.2009)
 documentrgod, Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit (10.04.2009)
 documentalphanix00_(at)_gmail.com, Exjune Guestbook v2 Remote Database Disclosure Exploit (10.04.2009)
 documentMustLive, Code Execution vulnerability in Openads (10.04.2009)
Files:Exjune Guestbook v2 Remote Database Disclosure Exploit
 Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod