Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 03.03.2008
SecurityVulns ID: 8740
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: FLYSPRAY : Flyspray 0.9
 DYNAMICPHOTOGALL : Dynamic photo gallery 1.02
 KCWIKI : kcwiki 1.0
 XPBOOK : XP Book 3.0
 TORRENTTRADER : TorrentTrader Classic 1.08
Original documents: Valery Marchuk, Cross-site Scripting and CSRF in TorrentTrader Classic v1.08 (03.03.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities (03.03.2008)
 xx_hack_xx_2004_(at)_hotmail.com, XSS in XP Book version 3.0 (03.03.2008)
 muuratsalo experimental hack lab, kcwiki 1.0 multiple remote file inclusion vulnerabilities. (03.03.2008)
 no-reply_(at)_aria-security.net, Dynamic photo gallery V1.02 SQL Injection (03.03.2008)

Borland Starteam Server integer overflows
Published: 03.03.2008
SecurityVulns ID: 8744
Type: remote
Threat Level: 5/10
Description: Multiple integer overflows.
Affected: BORLAND : StarTeam server 2008
Original document: Luigi Auriemma, Multiple integer overflows in Borland StarTeam server 10.0.0.57 (03.03.2008)

Audacity symbolic links vulnerability
Published: 03.03.2008
SecurityVulns ID: 8742
Type: local
Threat Level: 5/10
Description: Unsafe temporary file creation.
Affected: AUDACITY : Audacity 1.3
Original document: GENTOO, [ GLSA 200803-03 ] Audacity: Insecure temporary file creation (03.03.2008)

PacketTrap PT360 TFTP directory traversal and DoS
updated since 03.03.2008
Published: 11.03.2008
SecurityVulns ID: 8743
Type: remote
Threat Level: 5/10
Description: TFTP server directory traversal.
Affected: PACKETTRAP : PT360 Tool Suite 1.1
Original documents: Luigi Auriemma, Denial of Service in PacketTrap TFTP server 2.0.3901.0 (11.03.2008)
 VulnerabilityResearch_(at)_digitaldefense.net, DDIVRT-2008-09 PacketTrap PT360 Tool Suite TFTP Denial of Service Vulnerability (04.03.2008)
 VulnerabilityResearch_(at)_digitaldefense.net, DDIVRT-2008-10 PacketTrap TFTP Directory Traversal Vulnerability (03.03.2008)
Files: TFTP server tester

Squid Analysis Report Generator buffer overflow
updated since 03.03.2008
Published: 13.03.2008
SecurityVulns ID: 8741
Type: remote
Threat Level: 6/10
Description: Buffer overflow and cross-site scripting on oversized User-Agent in squid log.
Affected: SARG : Squid Analysis Report Generator 2.2
CVE: CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.)
Original documents: GENTOO, [ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code (13.03.2008)
 L4teral, Squid Analysis Report Generator <= 2.2.3.1 buffer overflow (03.03.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod