Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 11.05.2008
Source:
SecurityVulns ID: 8982
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. pMachinePro: HTTP Response Splitting
Affected: SAZCART : SazCart 1.5
 CPANEL : cPanel 11.18
 CPANEL : WHM 11.15
 PHPFUSION : PHP-Fusion 6.01
CVE: CVE-2008-2071 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.)
 CVE-2008-2070 (The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.)
Original document: Charles "real" F., PHP-Fusion <= 6.01.15 Multiple Vulnerabilities (11.05.2008)
 Breeeeh_(at)_hotmail.com, OtherLogic[vocourse.php]SQL Injection Exploit (11.05.2008)
 Jose Luis Góngora Fernández, SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit (11.05.2008)
 Matteo Carli, XSS and CSRF vulnerability on Cpanel 11 (11.05.2008)
Files: SazCart <= v1.5.1 (details&prodid) Remote SQL Injection Exploit

Oracle Application Server unauthorized access
Published: 11.05.2008
Source:
SecurityVulns ID: 8983
Type: remote
Threat Level: 6/10
Description: It's possible to bypass authentication.
Affected: ORACLE : Oracle 10g
Original document: Deniz Cevik, Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability (11.05.2008)

InspIRCd buffer overflow
updated since 11.05.2008
Published: 11.05.2008
Source:
SecurityVulns ID: 8984
Type: remote
Threat Level: 5/10
Description: namesx and uhnames modules buffer overflows.
Affected: INSPIRCD : InspIRCd 1.1
CVE: CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.)
Original document: GENTOO, [ GLSA 200805-08 ] InspIRCd: Denial of Service (11.05.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod