Computer Security


Qbik WinGate format string vulnerability
Published: 13.08.2007
Source:
SecurityVulns ID: 8032
Type: remote
Threat Level: 9/10
Description: Unsafe vsprintf() call on invalid SMTP command.
Affected: QBIK : WinGate 6.2
Original document: Harmony Security Advisory, [HS-A007] Qbik WinGate Remote Denial of Service (13.08.2007)

OpenSSL cryptographic vulnerability
Published: 13.08.2007
Source:
SecurityVulns ID: 8033
Type: local
Threat Level: 5/10
Description: Montgomery multiplication for elliptic cryptography is not applied in the BN_from_montgomery() function, making it possible to retrieve the RSA private key of a different user.
Affected: OPENSSL : OpenSSL 0.9
CVE: CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.)
Original document: RPATH, rPSA-2007-0155-1 openssl openssl-scripts (13.08.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.08.2007
Source:
SecurityVulns ID: 8034
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: JOOMLA : Joomla 1.0
 WORDPRESS : WordPress Classic 1.5
 LINKLISTE : Linkliste 1.2
 PHPDVD : phpDVD 1.0
 FCMS : Family Connections 0.1
 SOTE : SOTEeSKLEP 3.1
 SOTE : SOTEeSKLEP 3.5
 LIB2PHP : Lib2 PHP 0.2
 BEAUTIFIER : Beautifier 0.1
CVE: CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).)
Original document: ilkerKandemir_(at)_mynet.com, mcNews (skinfile) Remote File Include Vulnerability (13.08.2007)
 ilkerKandemir_(at)_mynet.com, Beautifier Version 0.1 Remote File Include Vulnerability // MefistoLabs.Com (13.08.2007)
 ilkerKandemir_(at)_mynet.com, Lib2 PHP v0.2 (DOCUMENT_ROOT) Remote File Inclusion Vulnerability (13.08.2007)
 theoden_(at)_interia.pl, SOTEeSKLEP Remote File Disclosure Vulnerability (13.08.2007)
 vasodipandora_(at)_gmail.com, php-stats xss whois.php (13.08.2007)
 router_(at)_email.si, Joomla 1.0.12 CMS - Session fixation Issue in backend Administration interface (13.08.2007)
 ilkerKandemir_(at)_mynet.com, FCMS (Family Connections) <= 0.1.1 Remote Command Execution Exploit // www.MefistoLabs.com (13.08.2007)
 ilkerKandemir_(at)_mynet.com, phpDVD v1.0.4 (dvd_config_file) Remote File Include Exploit (13.08.2007)
 rizgar_(at)_linuxmail.org, Best Top List Remote File Upload Vulnerability (13.08.2007)
 Ivan Niiiil, 0day Linkliste Version 1.2 Remote File Include by iNs (13.08.2007)
 MustLive, Vulnerability in theme WordPress Classic 1.5 (13.08.2007)
Files: phpDVD v1.0.4 (dvd_config_file) Remote File Include Exploit
 FCMS (Family Connections) <= 0.1.1 Remote Command Execution Exploit // www.MefistoLabs.com

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod