Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.07.2009
Source:
SecurityVulns ID: 10074
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: LIFETYPE : LifeType 1.2
VIRTUALMIN : Virtualmin 3.702
ADMINNEWSTOOLS : Admin News Tools 2.5
ILIASLMS : ILIAS LMS 3.10
MIMETEX : mimeTeX
MATHTEX : mathTeX
CVE: CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.)
CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.)

Original document Andrea Barisani, [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection (16.07.2009)

y3nh4ck3r_(at)_gmail.com, MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS <= 3.10.7/3.9.9--> (16.07.2009)

info_(at)_securitylab.ir, Admin News Tools 2.5 Remote File Download Vulnerability (16.07.2009)

document filip.palian_(at)_pjwstk.edu.pl, Virtualmin Multiple Vulnerabilities (16.07.2009)

Cru3l.b0y, LifeType 1.2.8 Remote File Inclusion Vulnerability (16.07.2009)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server