Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.06.2008
SecurityVulns ID: 9088
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger - information leak, cross-site scripting. Simple Machines - cross-site scripting.
Affected: SMF : Simple Machines Forum 1.1
 PRENEWSMANAGER : Pre News Manager 1.0
 POWERPHLOGGER : Power Phlogger 2.2
 AZIMYT : Open Azimyt CMS 0.21
 AZIMYT : Open Azimyt CMS 0.22
 PREADSPORTAL : Pre Ads Portal 2.0
Original documents:
 Jose Luis Góngora Fernández, E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability (16.06.2008)
 Eduardo Jorge, Muitiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) (16.06.2008)
 Jose Luis Góngora Fernández, PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability (16.06.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_98$2008] Pre Ads Portal <= 2.0 Sql Injection Vulnerability (16.06.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability (16.06.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-026] LFI in Open Azimyt CMS 0.22 (16.06.2008)
 irancrash_(at)_gmail.com, VistaReseller Panel BETA Xss Vulnerability (16.06.2008)
 elektronic_(at)_antichat.ru, SMF <= 1.1.4 COOKIE[topic] SQL-Injection Exploit (16.06.2008)
 MustLive, Multiple new vulnerabilities in Power Phlogger (16.06.2008)
Files: SMF <= 1.1.4 SQL Injection Exploit

Returnil Virtual System protection bypass
Published: 16.06.2008
SecurityVulns ID: 9089
Type: local
Threat Level: 4/10
Description: The configuration file encryption password is stored in cleartext in process memory.
Affected: RETURNIL : Returnil Virtual System 2008
Original document: mikuvoli_(at)_sverige.nu, Returnil Virtual System 2008 - Password Disclosure Issue (16.06.2008)

S.T.A.L.K.E.R. game server DoS
Published: 16.06.2008
SecurityVulns ID: 9090
Type: remote
Threat Level: 5/10
Description: Crash on player name longer than 64 characters.
Affected: GSC : S.T.A.L.K.E.R. 1.0006
Original document: Luigi Auriemma, Denial of Service in S.T.A.L.K.E.R. 1.0006 (16.06.2008)

DUC NO-IP weak encryption
Published: 16.06.2008
SecurityVulns ID: 9091
Type: local
Threat Level: 5/10
Description: The password is stored in a world-readable registry entry in reversibly encrypted form.
Original document: glafkos_(at)_infosec.org.uk, DUC NO-IP Local Password Information Disclosure Vulnerability (16.06.2008)
Files: DUC NO-IP Local Password Information Disclosure

GSC privilege escalation
Published: 16.06.2008
SecurityVulns ID: 9092
Type: remote
Threat Level: 4/10
Description: Privileges are only checked on client side.
Affected: GSC : GSC 2067
Original document: Moose, GSC Privilege Escalation Exploit (16.06.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod