Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.04.2008
Source:
SecurityVulns ID:8855
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:DATALIFEENGINE : Datalife Engine 6.7
Original documentdocumentirancrash_(at)_gmail.com, Datalife Engine 6.7 XSRF (02.04.2008)
 documentnebelfrost23_(at)_web.de, Writers Block SQL Injection Vulnerabilities (02.04.2008)

Apache-SSL multiple security vulnerabilities
Published:02.04.2008
Source:
SecurityVulns ID:8856
Type:remote
Threat Level:
6/10
Description:Multiple vulnerabilities on environment variable initialization from client certificates data.
CVE:CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.)
Original documentdocumentAdam Laurie, ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59 (02.04.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod