Search:Vulnerability:01.04.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 01.04.2008
Published: 01.04.2008
Source: BUGTRAQ
SecurityVulns ID: 8850
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: NUKEDKLAN : Nuked-Klan 1.7
AURACMS : AuraCMS 2.0
AURACMS : AuraCMS 2.1
AURACMS : AuraCMS 2.2
EFESTECH : Efestech video 5.0

Original document Charles "real" F., Nuked-Klan <= 1.7.6 Multiple Vulnerabilities Exploit (01.04.2008)

joseph.giron13_(at)_gmail.com, Terracotta Personal Edition Multiple vulnerabilities (01.04.2008)

joseph.giron13_(at)_gmail.com, cevado technologies real estate CMS SQL injection (01.04.2008)

document Dj_ReMix_20_(at)_hotmail.com, Efestech Video v5,0 (id) Remote Sql Injection (01.04.2008)

nebelfrost23_(at)_web.de, Proviso SiteKiosk File Download Vulnerability (01.04.2008)

r57blg_(at)_gmail.com, AuraCMS 2.x (user.php) - Security Code Bypass & Add Administrator Exploit (01.04.2008)

Files: AuraCMS 2.x (user.php) - Security Code Bypass & Add Administrator Exploit
Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)
Nuked-Klan <= 1.7.6 Multiple Vulnerabilities Exploit
Discuss: Read or add your comments to this news (0 comments)

Avast! antivirus memory corruption
Published: 01.04.2008
Source: BUGTRAQ
SecurityVulns ID: 8852
Type: local
Level: 5/10
Description: Kernel memory corruption in aavmker4.sys on IOCTL processing.

Affected: AVAST : avast! 4.7

Original document tk_(at)_trapkit.de, [TKADV2008-002] avast! 4.7 aavmker4.sys Kernel Memory Corruption (01.04.2008)

Discuss: Read or add your comments to this news (0 comments)

PowerDNS DNS cache poisoning attack
Published: 01.04.2008
Source: BUGTRAQ
SecurityVulns ID: 8854
Type: remote
Level: 5/10
Description: Weak PRNG generator allows cache poisoning attack.

Affected: POWERDNS : Recursor 3.1

Original document Amit Klein, Paper by Amit Klein (Trusteer): "PowerDNS Recursor DNS Cache Poisoning [pharming]" (01.04.2008)

Discuss: Read or add your comments to this news (0 comments)

lighthttpd SSL DoS
Published: 01.04.2008
Source: BUGTRAQ
SecurityVulns ID: 8849
Type: remote
Level: 4/10
Description: Termination of one SSL connection may cause another concurrent SSL connection to terminate.

Affected: LIGHTHTTPD : lighttpd 1.4
CVE: CVE-2008-1531 (lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.)

Original document RPATH, rPSA-2008-0132-1 lighttpd (01.04.2008)

Discuss: Read or add your comments to this news (0 comments)

2X ThinClientServer TFTP server directory traversal
Published: 01.04.2008
Source: BUGTRAQ
SecurityVulns ID: 8851
Type: remote
Level: 5/10

Affected: 2X : ThinClientServer 5.0

Original document Luigi Auriemma, Directory traversal in 2X ThinClientServer v5.0_sp1-r3497 (01.04.2008)

Discuss: Read or add your comments to this news (0 comments)

Macrovision InstallShield InstallScript One-Click Install ActiveX code exectuion
Published: 01.04.2008
Source: BUGTRAQ
SecurityVulns ID: 8853
Type: client
Level: 6/10
Description: Control allows to download and execute dynamic library from remote site.

Affected: MACROVISION : FLEXnet InstallShield 12
CVE: CVE-2007-5661

Original document IDEFENSE, iDefense Security Advisory 03.31.08: Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability (01.04.2008)

Discuss: Read or add your comments to this news (0 comments)