Computer Security
[EN] securityvulns.ru no-pyccku


Mercurial version control system unauthroized access
Published:04.07.2008
Source:
SecurityVulns ID:9129
Type:remote
Threat Level:
5/10
Description:Directory traversal.
CVE:CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.)
Original documentdocumentRPATH, rPSA-2008-0211-1 mercurial mercurial-hgk (04.07.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.07.2008
Source:
SecurityVulns ID:9128
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. SLAED CMS: CAPTCHA bypass, crossite scripting.
Affected:SLAED : SLAED CMS Lite 2.5
 XPOZE : Expoze Photo Store 1.0
 1024CMS : 1024 CMS 1.4
Original documentdocumentDigital Security Research Group [DSecRG], [DSECRG-08-027] Multiple RFI-LFI in 1024 CMS 1.4.3, 1.4.4 RFC (04.07.2008)
 documentNoname Noname, Xpoz SQL-INJECTION, XSS. (04.07.2008)
 documentMustLive, Vulnerabilities in SLAED CMS (04.07.2008)

WeFi information leak
updated since 04.07.2008
Published:10.07.2008
Source:
SecurityVulns ID:9130
Type:local
Threat Level:
5/10
Description:Log files are stored in world-readable folder.
Affected:WEFI : WeFi 3.2
 WEFI : WeFi 3.3
Original documentdocumentXiaShing_(at)_gmail.com, Local information disclosure in WeFi Client v3.3.3.0 (10.07.2008)
 documentXiaShing_(at)_gmail.com, Local vulnerability in WeFi Client v3.2.1.4.1(Update) (04.07.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod