Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:07.04.2009
Source:
SecurityVulns ID:9798
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: information leakage, protection bypass, unauthorized access.
Affected:POWERPHLOGGER : Power Phlogger 2.2
 FAMILYCMS : Family Connections 1.8
 IGNITE : Realtime Openfire 3.6
 JOOMLA : com_bookjoomlas Joomla Component 0.1
 VBULLETIN : vBulletin 3.8
 AMAYA : Amaya 11.1
CVE:CVE-2009-0497 (Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.)
 CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp. NOTE: this can be leveraged for arbitrary code execution by using XSS to upload a malicious plugin.)
 CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.)
 CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.)
 CVE-2008-6509 (SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.)
 CVE-2008-6508 (Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.)
Original documentdocumentMustLive, New vulnerabilities in Power Phlogger (07.04.2009)
 documentdontcontactorspamme_(at)_aria-security.com, Amaya 11.1 XHTML Parser Buffer Overflow (07.04.2009)
 documentdontcontactorspamme_(at)_aria-security.com, [Aria-Security.com] vBulletin multiple XSS (07.04.2009)
 documentSalvatore "drosophila" Fresta, Joomla Component com_bookjoomlas SQL Injection Vulnerability (07.04.2009)
 documentSalvatore "drosophila" Fresta, Family Connections 1.8.2 Blind SQL Injection (Correct Version) (07.04.2009)
 documentGENTOO, [ GLSA 200904-01 ] Openfire: Multiple vulnerabilities (07.04.2009)
Files:Amaya 11.1 XHTML Parser Buffer Overflow POC
 Family Connection <= 1.8.2 - Remote Command Execution

Sun Java System Identity Manager / Access Manager accounts enumeration
Published:07.04.2009
Source:
SecurityVulns ID:9799
Type:remote
Threat Level:
3/10
Description:Replies for invalid username and invalid password are different.
Affected:SUN : Identity Manager 7.0
 SUN : Identity Manager 7.1
 SUN : Identity Manager 8.0
 SUN : Sun Java System Access Manager 6
 SUN : Sun Java System Access Manager 7
 SUN : Sun Java System Access Manager 7.1
Original documentdocumentMarco Mella, POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration (07.04.2009)

blender / gedit / gnumeric / vim / eog python scripts code execution
updated since 17.02.2009
Published:07.04.2009
Source:
SecurityVulns ID:9683
Type:local
Threat Level:
4/10
Description:sys.path variable manipulation is possible to load arbitrary modules.
Affected:GNUMERIC : gnumeric 1.8
 BLENDER : Blender 2.46
 GEDIT : gedit 2.24
 EPIPHANY : epiphany 2.24
 EOG : Eye of GNOME 2.22
CVE:CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.)
 CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in eog 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.)
 CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.)
Original documentdocumentGENTOO, [ GLSA 200904-06 ] Eye of GNOME: Untrusted search path (07.04.2009)
 documentMANDRIVA, [ MDVSA-2009:063 ] eog (04.03.2009)
 documentMANDRIVA, [ MDVSA-2009:048 ] epiphany (25.02.2009)
 documentMANDRIVA, [ MDVSA-2009:048-1 ] epiphany (24.02.2009)
 documentMANDRIVA, [ MDVSA-2009:047 ] vim (21.02.2009)
 documentMANDRIVA, [ MDVSA-2009:043 ] gnumeric (20.02.2009)
 documentMANDRIVA, [ MDVSA-2009:038 ] blender (17.02.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod