Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.02.2009
SecurityVulns ID: 9681
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SNOOPY : Snoopy 1.2
 MOODLE : Moodle 1.6
 MOODLE : Moodle 1.7
 MOODLE : Moodle 1.8
 MOODLE : Moodle 1.9
 SAMIZDAT : Samizdat 0.6
 WEBSVN : WebSVN 2.0
 WEBSVN : WebSVN 1.7
 RAVENNUKE : RavenNuke 2.3
CVE: CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.)
 CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.)
 CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.)
 CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.)
Original document: Janek Vind, [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 (16.02.2009)
 DEBIAN, [Full-disclosure] [SECURITY] [DSA 1725-1] New websvn packages fix information leak (16.02.2009)
 Dmitry Borodaenko, Cross-site scripting in Samizdat 0.6.1 (16.02.2009)
 DEBIAN, [SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities (16.02.2009)

cryptsetup functionality problem
Published: 16.02.2009
SecurityVulns ID: 9682
Type: local
Threat Level: 4/10
Description: It is impossible to delete a keyslot while using the key from that same keyslot.
Affected: CRYPTSETUP : cryptsetup 1,0
Original document: Pierre Dinh-van, cryptsetup can't destroy last key of a LUKS partition under Ubuntu/Debian (16.02.2009)

FreeBSD telnetd privilege escalation
updated since 16.02.2009
Published: 17.02.2009
SecurityVulns ID: 9680
Type: remote
Threat Level: 9/10
Description: LD_xxx environment variables are not cleared when 'login' is executed, making it possible to execute code with root privileges. Remote exploitation requires the ability to upload a file to the remote system (via FTP, Web, etc.).
Affected: FREEBSD : FreeBSD 7.0
 FREEBSD : FreeBSD 7.1
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd (17.02.2009)
 Kingcope Kingcope, [Full-disclosure] FreeBSD zeroday (16.02.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod