Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.02.2007
SecurityVulns ID: 7212
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPPOLLS : phpPolls 1.0
 MEDIAWIKI : MediaWiki 1.9
 BTITEAM : BtitTracker 1.4
 PRB : php rrd browser 0.2
 PHPMYVISITIES : phpMyVisites 2.2
 KILLERVAULT : KvGuestbook 1.0
CVE: CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.)
 CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables.)
 CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764.)
 CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.)
 CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.)
 CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".)
 CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.)
 CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750.)
 CVE-2006-4750 (PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter.)
Original document: x0r0n_(at)_hotmail.com, Philboard (id) Remote SQL Injection (12.02.2007)
 y3dips, [ECHO_ADV_64$2007] Openi CMS plugins (site protection) remote file inclusion (12.02.2007)
 crazy_king_(at)_eno7.org, KvGuestbook Remote Add Admin Exploit (12.02.2007)
 raphael.huck_(at)_free.fr, MediaWiki Full Path Disclosure Vulnerability (12.02.2007)
 sn0oPy.team_(at)_gmail.com, phpPolls 1.0.3 (acces to sensitive file) (12.02.2007)
 beNi, [Full-disclosure] different Wordpress Vulnerabilities (12.02.2007)
 nicob_(at)_nicob.net, [Full-disclosure] Multiple vulnerabilities in phpMyVisites (12.02.2007)
 Sebastian Wolfgarten, [Full-disclosure] Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb) (12.02.2007)
 Peko Takov, BtitTracker 1.4 XSS (12.02.2007)

IP3 NetAccess directory traversal
Published: 12.02.2007
SecurityVulns ID: 7213
Type: remote
Threat Level: 5/10
Description: Directory traversal in Web administration interface.
Affected: IP3 : NetAccess 4.1
CVE: CVE-2007-0883 (Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.)
Original document: Sebastian Wolfgarten, [Full-disclosure] Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6 (12.02.2007)

Microsoft Internet Explorer / Mozilla Firefox user input hijacking
Published: 12.02.2007
SecurityVulns ID: 7214
Type: client
Threat Level: 5/10
Description: It's possible to hijack input focus by using OnKeyDown / OnKeyPress events.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
CVE: CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2, and Netscape 8.1 and earlier allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.)
Original document: Michal Zalewski, [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification (12.02.2007)
 Michal Zalewski, [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers) (12.02.2007)

µTorrent buffer overflow
Published: 12.02.2007
SecurityVulns ID: 7215
Type: client
Threat Level: 6/10
Description: Buffer overflow on .torrent file announce section parsing.
Affected: UTORRENT : µTorrent 1.6
CVE: CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.)
Files: PoC remote exploit for uTorrent 1.6

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod