Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.03.2008
Source:
SecurityVulns ID: 8767
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: VHCS : VHCS 2.4
 MOINMOIN : MoinMoin 1.5
 PHPMYADMIN : phpMyAdmin 2.11
CVE: CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross Site Request Forgery (CSRF) attacks by using crafted cookies.)
 CVE-2008-1099
 CVE-2008-1098
 CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via ".." sequences in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.)
 CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.)
 CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.)
Original document: gmdarkfig_(at)_gmail.com, VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit (10.03.2008)
 lovebug_(at)_hotmail.it, PHP-Nuke SQL injection Module "Hadith" [cat] (10.03.2008)
 GENTOO, [ GLSA 200803-15 ] phpMyAdmin: SQL injection vulnerability (10.03.2008)
 DEBIAN, [SECURITY] [DSA 1514-1] New moin packages fix several vulnerabilities (10.03.2008)
Files: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod