Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 17.08.2009
Source:
SecurityVulns ID: 10153
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: ZOPE : zope 2.9
ZOPE : zope 2.10
DUGALLERY : DUGallery 3.0
PIWIGO : Piwigo 2.0
CVE: CVE-2009-0669 (Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.)
CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.)

Original document DEBIAN, [SECURITY] [DSA 1863-1] New zope2.10/zope2.9 packages fix arbitrary code execution (17.08.2009)

Sense of Security, Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 (17.08.2009)

spymeta_(at)_yahoo.com, DUgallery 3.0 / Remote Admin Bug (17.08.2009)

Discuss: Read or add your comments to this news (0 comments)

test server