Computer Security
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 15.01.2008
Source:
SecurityVulns ID: 8565
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. RiSearch PHP: cross-site scripting
Affected: GFORGE : gforge 3.1
 GFORGE : gforge 4.5
 GFORGE : gforge 4.6
CVE: CVE-2008-0173 (SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.)
Original document: Smasher_(at)_ciucciamiilcalzino.it, Garment Center (index.cgi) Local File Inclusion (15.01.2008)
 Jose Luis Góngora Fernández, Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily (15.01.2008)
 DEBIAN, [SECURITY] [DSA 1459-1] New gforge packages fix SQL injection (15.01.2008)
 MustLive, Cross-Site Scripting vulnerability in RiSearch PHP (15.01.2008)

Apple Safari DoS
updated since 15.01.2008
Published: 15.01.2008
Source:
SecurityVulns ID: 8566
Type: client
Threat Level: 3/10
Description: Crafted HTML causes the browser to crash.
Affected: APPLE : MacOS X 10.4
Original document: S21sec labs, Safari 2 Denial of Service (15.01.2008)

F5 BIG-IP cross-site scripting
updated since 15.01.2008
Published: 15.01.2008
Source:
SecurityVulns ID: 8567
Type: remote
Threat Level: 4/10
Description: Cross-site scripting in the administration interface.
Affected: F5 : BIG-IP 9.4
Original document: nnposter_(at)_disclosed.not, F5 BIG-IP Web Management ASM Security Report XSS (27.01.2008)
 nnposter_(at)_disclosed.not, F5 BIG-IP Web Management List Search XSS (15.01.2008)

IBM Tivoli Storage Manager Express Backup Server buffer overflow
Published: 15.01.2008
Source:
SecurityVulns ID: 8568
Type: remote
Threat Level: 5/10
Description: TSM Express Backup Server (TCP/1500) buffer overflow.
Affected: IBM : Tivoli Storage Manager Express 5.3
CVE: CVE-2008-0247 (Heap-based buffer overflow in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a crafted packet.)
Original document: ZDI, ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability (15.01.2008)

Macrovision FlexNet Connect ActiveX code execution
Published: 15.01.2008
Source:
SecurityVulns ID: 8569
Type: remote
Threat Level: 7/10
Description: Insecure methods are available through ISDM.exe and isusweb.dll.
Affected: MACROVISION : FlexNet Connect 6.1
Original document: Elazar Broad, [Full-disclosure] Macrovision FlexNet Connect DownloadManager Insecure Methods (15.01.2008)
Files: Macrovision FlexNet DownloadManager Insecure Methods Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod