Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		09.10.2006
Source:
SecurityVulns ID:		6694
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PROXY2 : Advanced Poll 2.02
		PAFILEDB : paFileDB 3.1
		PHPWEBSITE : phpWebSite 0.10
		MOODLE : Moodle 1.6
		4HOMEPAGES : 4images 1.7
		PSYCHOSTATS : PsychoStats 3.01
		ISEARCH : iSearch 2.16
		DOCMINT : docmint 2.0
		PHPMYNEWS : PHPMyNews 1.4
		OPENDOC : Easy Doc 1.4
		OPENDOC : Easy Blog 1.4
		OBDEV : WebYep 1.1
		FREENEWS : Freenews 1.1
		OPENDOCK : Easy Gallery 1.4

Original document		erdc_(at)_echo.or.id, [ECHO_ADV_52$2006]OpenDock Easy Gallery <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability (09.10.2006)
		disfigure, SQL injection - moodle (09.10.2006)
		disfigure, SQL injection - 4images (09.10.2006)
		XORON, Freenews v1.1 <= (chemin) Remote File Include Vulnerability (09.10.2006)
		zarloule04_(at)_hotmail.fr, XSS IN paFileDB 3.1 (09.10.2006)
		crackers child, phpWebSite 0.10.2 Remote File Include Vulnerabilities (09.10.2006)
		erdc_(at)_echo.or.id, [ECHO_ADV_48$2006] WebYep <= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability (09.10.2006)
		erdc_(at)_echo.or.id, [ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability (09.10.2006)
		erdc_(at)_echo.or.id, [ECHO_ADV_50$2006]OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability (09.10.2006)
		XORON, PHPMyNews 1.4 <= (cfg_include_dir) Remote File Include Vulnerability (09.10.2006)
		erdc_(at)_echo.or.id, [ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability (09.10.2006)
		alguidy_(at)_hotmail.com, Advanced Poll v2.02 :) <= Remote File Inclusion (09.10.2006)
		xp1o_(at)_msn.com, The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit (09.10.2006)

Files:		PsychoStats v3.x Remote File view exploit
		docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Exploit
Discuss:		Read or add your comments to this news (0 comments)

PHP integer overflow
Published:		09.10.2006
Source:		BUGTRAQ
SecurityVulns ID:		6695
Type:		library
Level:		6/10
Description:		unserialize() function integer overflow.

Affected:		PHP : PHP 4.3
		PHP : PHP 5.1
CVE:		CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).)

Original document

Stefan Esser, Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow (09.10.2006)

Discuss:

Read or add your comments to this news (0 comments)

PHP open_basedir protection bypass updated since 04.10.2006
Published:		09.10.2006
Source:		BUGTRAQ
SecurityVulns ID:		6681
Type:		local
Level:		5/10
Description:		By using symbolic links in race period of time it's possible to bypass open_basedir protection.

Affected:		PHP : PHP 4.4
		PHP : PHP 5.2

Original document		paisterist.nst_(at)_gmail.com, PHP open_basedir with symlink() function Race Condition PoC exploit (09.10.2006)
		Stefan Esser, Advisory 08/2006: PHP open_basedir Race Condition Vulnerability (04.10.2006)

Discuss:

Read or add your comments to this news (0 comments)

OpenSSH timing attacks updated since 03.05.2003
Published:		09.10.2006
Source:		BUGTRAQ
SecurityVulns ID:		2789
Type:		remote
Level:		5/10
Description:		It's possible to check user's validity by measuring response time.

Affected:		OPENSSH : OpenSSH 3.6
		NOKIA : IPSO 3.0
		OPENSSH : OpenSSH 4.1

Original document		Marco Ivaldi, yet another OpenSSH timing leak? (09.10.2006)
		Marco Ivaldi, OpenSSH/PAM timing attack allows remote users identification (03.05.2003)

Files:		OpenSSH <= 3.6.p1 - User Identification
Discuss:		Read or add your comments to this news (0 comments)