Computer Security
[EN] no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:10074
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:LIFETYPE : LifeType 1.2
 VIRTUALMIN : Virtualmin 3.702
 ADMINNEWSTOOLS : Admin News Tools 2.5
 MIMETEX : mimeTeX
 MATHTEX : mathTeX
CVE:CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.)
 CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.)
Original documentdocumentAndrea Barisani, [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection (16.07.2009)
 documenty3nh4ck3r_(at), MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS <= 3.10.7/3.9.9--> (16.07.2009)
 documentinfo_(at), Admin News Tools 2.5 Remote File Download Vulnerability (16.07.2009)
 documentfilip.palian_(at), Virtualmin Multiple Vulnerabilities (16.07.2009)
 documentCru3l.b0y, LifeType 1.2.8 Remote File Inclusion Vulnerability (16.07.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod