Computer Security
[EN] securityvulns.ru

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.03.2008
Source:
SecurityVulns ID:8760
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Board: cross-site scripting with flash files.
Affected:HORDE : Horde 3.1
 WORDPRESS : WordPress 2.3
Original document:nbbn_(at)_gmx.net, WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability (09.03.2008)
 nnposter_(at)_disclosed.not, Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure (09.03.2008)
 r080cy90r_(at)_gmail.com, PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding (09.03.2008)
 Hackers Center Security Group, Horde Webmail file inclusion proof of concept & patch. (09.03.2008)
 Hackers Center Security Group, WordPress Multiple Cross-Site Scripting Vulnerabilities (09.03.2008)
 lovebug_(at)_hotmail.it, PHP-Nuke KutubiSitte "kid" SQL Injection (09.03.2008)
Files:PHP-NUKE KutubiSitte [kid] => SQL Injection

Checkpoint VPN-1 Edge cross-site scripting
Published:09.03.2008
Source:
SecurityVulns ID:8761
Type:remote
Threat Level:
6/10
Description:Cross-site scripting in the web authorization page.
Original document:Henri Lindberg - Smilehouse Oy, Henri Lindberg - Smilehouse Oy (09.03.2008)

lighttpd information leakage
Published:09.03.2008
Source:
SecurityVulns ID:8763
Type:remote
Threat Level:
5/10
Description:It's possible to obtain CGI source code under some conditions.
Affected:LIGHTTPD : lighttpd 1.4
CVE:CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.)
Original document:DEBIAN, [SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure (09.03.2008)

Neptune Web Server cross-site scripting
Published:09.03.2008
Source:
SecurityVulns ID:8765
Type:remote
Threat Level:
5/10
Description:Cross-site scripting in the error page.
Affected:NEPTUNE : Neptune Web Server 3.0
Original document:nima_501_(at)_yahoo.com, XSS in Neptune Web Server (09.03.2008)

Panda Internet Security / Antivirus memory corruption
Published:09.03.2008
Source:
SecurityVulns ID:8766
Type:local
Threat Level:
5/10
Description:cpoint.sys IOCTL processing memory corruption.
Affected:PANDA : Panda Internet Security 2008
Original document:tk_(at)_trapkit.de, [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability (09.03.2008)

MicroWorld eScan Server directory traversal
Published:09.03.2008
Source:
SecurityVulns ID:8762
Type:remote
Threat Level:
5/10
Description:Embedded TCP/2021 FTP server directory traversal.
Affected:MICROWORLD : eScan Server 9.0
Original document:Luigi Auriemma, Directory traversal in MicroWorld eScan Server 9.0.742.98 (09.03.2008)

tomboy code execution
Published:09.03.2008
Source:
SecurityVulns ID:8764
Type:local
Threat Level:
5/10
Description:Invalid dynamic library path.
Affected:TOMBOY : tomboy 0.6
CVE:CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam.)
Original document:MANDRIVA, [ MDVSA-2008:064 ] - Updated tomboy packages fix improper LD_LIBRARY_PATH handling (09.03.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod