Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.03.2008
Source:
SecurityVulns ID: 8746
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SWORD : sword 1.5
CVE: CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.)
Original document:
 no-reply_(at)_aria-security.net, PHP-Nuke Module "seminar" Local FIle Inclusion (04.03.2008)
 no-reply_(at)_aria-security.net, PHP-Nuke Module eGallery "pid" Remote SQL Injection (04.03.2008)
 GENTOO, [ GLSA 200803-06 ] SWORD: Shell command injection (04.03.2008)

Eye-Fi multiple security vulnerabilities
Published: 04.03.2008
Source:
SecurityVulns ID: 8748
Type: remote
Threat Level: 5/10
Description: Multiple vulnerabilities in TCP/59278 Web server.
Affected: EYEFI : Eye-Fi 1.1
Original document: Seth Fogie, Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities (04.03.2008)

Paramiko SSH server weak encryption
Published: 04.03.2008
Source:
SecurityVulns ID: 8747
Type: remote
Threat Level: 5/10
Description: Weak PRNG generator is used for encryption.
Affected: PARAMIKO : paramiko 1.7
CVE: CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.)
Original document: GENTOO, [ GLSA 200803-07 ] Paramiko: Information disclosure (04.03.2008)

Multiple BSD systems user-ppp buffer overflow
Published: 04.03.2008
Source:
SecurityVulns ID: 8745
Type: local
Threat Level: 6/10
Description: Buffer overflow on PPP protocol parsing.
Affected: FREEBSD : FreeBSD 6.3
Original document: Derek striemer, *BSD user-ppp local root (when conditions permit) (04.03.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod