Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 06.05.2008
Published: 06.05.2008
SecurityVulns ID: 8968
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: BUGZILLA : Bugzilla 2.20
 QTOFILEMANAGER : QTOFileManager 1.0
 BUGZILLA : Bugzilla 2.22
 LIFETYPE : LifeType 1.2
 BUGZILLA : Bugzilla 3.0
 BUGZILLA : Bugzilla 3.1
 PHPMYADMIN : phpMyAdmin 2.11
 RELAY : Relay 1.0
 MAIAN : Maian Uploader 4.0
 ONLINERENT : Online Rental Property Script 4.5
 POSTNUKE : pnEncyclopedia 0.2 module for PostNuke
 ANSERV : Anserv Auction XL
 SCOUTPORTAL : Scout Portal Toolkit 1.4
 KMITA : Kmita Mail 3.0
 KMITA : Kmita Tellfriend 2.0
CVE: CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows attackers with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.)
Original document: BUGZILLA, Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5 (06.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, [ GLSA 200805-02 ] phpMyAdmin: Information disclosure (06.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, QTOFileManager V 1.0<== Remote File Upload Vulnerability (06.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, Power Editor LOCAL FILE INCLUSION Vulnerbility (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_93$2008] Kmita Tellfriend <= 2.0 (file) Remote File Inclusion Vulnerability (06.05.2008)
 Jose Luis Góngora Fernández, Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_95$2008] BackLinkSpider (cat_id) Blind Sql Injection Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability (06.05.2008)
 irancrash_(at)_gmail.com, Maian Uploader v4.0 XSS Vulnerabilities (06.05.2008)
 irancrash_(at)_gmail.com, LifeType 1.2.8 (06.05.2008)
 MustLive, SQL Injection in Relay (06.05.2008)
 MustLive, SQL Injection and Cross-Site Scripting vulnerabilities in Relay (06.05.2008)
Files: Relay Blind SQL Injection Exploit
 Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit

CUPS PNG files DoS
Published: 06.05.2008
SecurityVulns ID: 8969
Type: remote
Threat Level: 5/10
Description: PNG image size is not checked.
Affected: CUPS : cups 1.3
CVE: CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.)
Original document: UBUNTU, [USN-606-1] CUPS vulnerability (06.05.2008)

blender 3D modelling application buffer overflow
Published: 06.05.2008
SecurityVulns ID: 8970
Type: client
Threat Level: 4/10
Description: Buffer overflow on Radiance High Dynamic Range (HDR) format parsing.
Affected: BLENDER : blender 2.42
CVE: CVE-2008-1102
Original document: DEBIAN, [SECURITY] [DSA 1567-1] New blender packages fix arbitrary code execution (06.05.2008)

Novell eDirectory multiple security vulnerabilities
Published: 06.05.2008
SecurityVulns ID: 8971
Type: remote
Threat Level: 6/10
Description: HTTP interface (TCP/8028, TCP/8030) DoS, SOAP interface unauthorized access (TCP/8028, TCP/8030).
Affected: NOVELL : eDirectory 8.7
 NOVELL : eDirectory 8.8
Original document: nicob_(at)_nicob.net, Novell eDirectory unauthenticated access to SOAP interface (06.05.2008)
 nicob_(at)_nicob.net, Novell eDirectory DoS via HTTP headers (06.05.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod