Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 06.05.2008
| Published: |  | 06.05.2008 |
| Source: |  | |
| SecurityVulns ID: |  | 8968 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | BUGZILLA : Bugzilla 2.20 |
| |  | QTOFILEMANAGER : QTOFileManager 1.0 |
| |  | BUGZILLA : Bugzilla 2.22 |
| |  | LIFETYPE : LifeType 1.2 |
| |  | BUGZILLA : Bugzilla 3.0 |
| |  | BUGZILLA : Bugzilla 3.1 |
| |  | PHPMYADMIN : phpMyAdmin 2.11 |
| |  | RELAY : relay 1.0 |
| |  | MAIAN : Maian Uploader 4.0 |
| |  | ONLINERENT : Online Rental Property Script 4.5 |
| |  | POSTNUKE : pnEncyclopedia 0.2 module for PostNuke |
| |  | ANSERV : Anserv Auction XL |
| |  | SCOUTPORTAL : Scout Portal Toolkit 1.4 |
| |  | KMITA : Kmita Mail 3.0 |
| |  | KMITA : Kmita Tellfriend 2.0 |
| CVE: |  | CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows attackers with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.) |
| Original document |  | BUGZILLA, Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5 (06.05.2008) |
| |  | hadihadi_zedehal_2006_(at)_yahoo.com, [ GLSA 200805-02 ] phpMyAdmin: Information disclosure (06.05.2008) |
| |  | hadihadi_zedehal_2006_(at)_yahoo.com, QTOFileManager V 1.0<== Remote File Upload Vulnerability (06.05.2008) |
| |  | hadihadi_zedehal_2006_(at)_yahoo.com, Power Editor LOCAL FILE INCLUSION Vulnerbility (06.05.2008) |
| |  | erdc_(at)_echo.or.id, [ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability (06.05.2008) |
| |  | erdc_(at)_echo.or.id, [ECHO_ADV_93$2008] Kmita Tellfriend <= 2.0 (file) Remote File Inclusion Vulnerability (06.05.2008) |
| |  | Jose Luis Góngora Fernández, Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit (06.05.2008) |
| |  | erdc_(at)_echo.or.id, [ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability (06.05.2008) |
| |  | erdc_(at)_echo.or.id, [ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability (06.05.2008) |
| |  | erdc_(at)_echo.or.id, [ECHO_ADV_95$2008] BackLinkSpider (cat_id) Blind Sql Injection Vulnerability (06.05.2008) |
| |  | erdc_(at)_echo.or.id, [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability (06.05.2008) |
| |  | irancrash_(at)_gmail.com, Maian Uploader v4.0 XSS Vulnerabilities (06.05.2008) |
| |  | irancrash_(at)_gmail.com, LifeType 1.2.8 (06.05.2008) |
| |  | MustLive, SQL Injection in Relay (06.05.2008) |
| |  | MustLive, SQL Injection and Cross-Site Scripting vulnerabilities in Relay (06.05.2008) |
Blender 3D modelling application buffer overflow
| Published: |  | 06.05.2008 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 8970 |
| Type: |  | client |
| Level: |  | 4/10 |
| Description: |  | Buffer overflow on Radiance High Dynamic Range (HDR) format parsing. |