Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		09.03.2008
Source:
SecurityVulns ID:		8760
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Board: crossite scripting with flash files.

Affected:		HORDE : Horde 3.1
		WORDPRESS : WordPress 2.3

Original document		nbbn_(at)_gmx.net, WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability (09.03.2008)
		nnposter_(at)_disclosed.not, Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure (09.03.2008)
		r080cy90r_(at)_gmail.com, PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding (09.03.2008)
		Hackers Center Security Group, Horde Webmail file inclusion proof of concept & patch. (09.03.2008)
		Hackers Center Security Group, WordPress Multiple Cross-Site Scripting Vulnerabilities (09.03.2008)
		lovebug_(at)_hotmail.it, PHP-Nuke KutubiSitte "kid" SQL Injection (09.03.2008)

Files:		PHP-NUKE KutubiSitte [kid] => SQL Injection
Discuss:		Read or add your comments to this news (0 comments)

Checkpoint VPN-1 Edge crossite scripting
Published:		09.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8761
Type:		remote
Level:		6/10
Description:		Crossite scriptign with web authorization page.

Original document

Henri Lindberg - Smilehouse Oy, Henri Lindberg - Smilehouse Oy (09.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

lighthttpd information leakage
Published:		09.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8763
Type:		remote
Level:		5/10
Description:		It's possible to obtain CGI source code under some conditions.

Affected:		LIGHTHTTPD : lighttpd 1.4
CVE:		CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.)

Original document

DEBIAN, [SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure (09.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

Neptune Web Server crossite scripting
Published:		09.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8765
Type:		remote
Level:		5/10
Description:		Crossite scriptign with error page.

Affected:

NEPTUNE : Neptune Web Server 3.0

Original document

nima_501_(at)_yahoo.com, XSS in Neptune Web Server (09.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

Panda Internet Security / Antivirus memory corruption
Published:		09.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8766
Type:		local
Level:		5/10
Description:		cpoint.sys IOCTL processing memory corruption.

Affected:

PANDA : Panda Internet Security 2008

Original document

tk_(at)_trapkit.de, [TKADV2008-001] Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability (09.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

MicroWorld eScan Server directory traversal
Published:		09.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8762
Type:		remote
Level:		5/10
Description:		Embedded TCP/2021 FTP server directory traversal.

Affected:

MICROWORLD : eScan Server 9.0

Original document

Luigi Auriemma, Directory traversal in MicroWorld eScan Server 9.0.742.98 (09.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

tomboy code execution
Published:		09.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8764
Type:		local
Level:		5/10
Description:		Invalid dynamic library path.

Affected:		TOMBOY : tomboy 0.6
CVE:		CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam.)

Original document

MANDRIVA, [ MDVSA-2008:064 ] - Updated tomboy packages fix improper LD_LIBRARY_PATH handling (09.03.2008)

Discuss:

Read or add your comments to this news (0 comments)