Microsoft Internet Explorer multiple security vulnerabilities, updated since 12.12.2007

| Published: | 13.12.2007 |
| Source: | MICROSOFT |
| SecurityVulns ID: | 8438 |
| Type: | client |
| Level: | 8/10 |
| Description: | Multiple memory corruptions. |
| Affected: | MICROSOFT : Windows 2000 Server |
| | MICROSOFT : Windows 2000 Professional |
| | MICROSOFT : Windows XP |
| | MICROSOFT : Windows 2003 Server |
| | MICROSOFT : Windows Vista |
| CVE: | CVE-2007-5347 |
| | CVE-2007-5344 |
| | CVE-2007-3903 |
| | CVE-2007-3902 |
| Original document | IDEFENSE, iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability (13.12.2007) |
| | ZDI, ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability (12.12.2007) |
| | ZDI, ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption (12.12.2007) |
| | ZDI, ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability (12.12.2007) |
| | MICROSOFT, Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer (942615) (12.12.2007) |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

| Published: | 13.12.2007 |
| Source: | |
| SecurityVulns ID: | 8441 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Rotabanner: cross-site scripting |
| Affected: | MKPORTAL : MKPortal 1.1 |
| | WORDPRESS : WordPress 2.3 |
| | BRAINHEAD : Brainhead 4.01 |
| | SQUIRELMAIL : SquirrelMail GPG plugin 2.0 |
| | SQUIRELMAIL : SquirrelMail GPG plugin 2.1 |
| | ROUNDCUBE : RoundCube 0.1 |
| | BITWEAVER : Bitweaver 2.0 |
| | FALT4 : Falt4Extreme CMS RC4 |
| | KAYAKO : Kayako SupportSuite |
| | HTDIG : htdig 3.2 |
| CVE: | CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.) |
| Original document | Sw33t.h4cK3r_(at)_hotmail.com, SQL MKPortal M1.1 Rc1 (13.12.2007) |
| | imei, SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS (13.12.2007) |
| | Abel Cheung, WordPress Charset SQL injection vulnerability (re-resend) (13.12.2007) |
| | Liquidmatrix Security Digest, Advisory: Websense XSS Vulnerability (13.12.2007) |
| | bebe_(at)_gmail.com, SQL injection - GestDownV1.00Beta (13.12.2007) |
| | mesut_(at)_h-labs.org, Falt4 CMS Security Report/Advisory (13.12.2007) |
| | noreply_(at)_aria-security.net, bttlxeForum Multiple SQL Injection And Cross Site Scripting (13.12.2007) |
| | Hackers Center Security Group, Bitweaver XSS & SQL Injection Vulnerability (13.12.2007) |
| | kingoftheworld92_(at)_fastwebnet.it, Flat PHP Board <= 1.2 Multiple Vulnerabilities (13.12.2007) |
| | Tomas Kuliavas, Unsanitized scripting in RoundCube webmail (13.12.2007) |
| | Tomas Kuliavas, Two vulnerabilities in SquirrelMail GPG plugin (13.12.2007) |
| | brainheadbrainhead_(at)_gmx.de, webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability (13.12.2007) |
| | MustLive, Vulnerabilities in RotaBanner (13.12.2007) |

PEAR::MDB2 information leak

| Published: | 13.12.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8445 |
| Type: | library |
| Level: | 5/10 |
| Description: | Under some conditions it's possible to proxy requests to different objects, including local files. |
| CVE: | CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.) |