Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:17.08.2009
Source:
SecurityVulns ID:10153
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:ZOPE : zope 2.9
 ZOPE : zope 2.10
 DUGALLERY : DUGallery 3.0
 PIWIGO : Piwigo 2.0
CVE:CVE-2009-0669 (Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.)
 CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1863-1] New zope2.10/zope2.9 packages fix arbitrary code execution (17.08.2009)
 documentSense of Security, Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 (17.08.2009)
 documentspymeta_(at)_yahoo.com, DUgallery 3.0 / Remote Admin Bug (17.08.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod