Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 17.03.2008
SecurityVulns ID: 8790
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Snewscms Rus 2.3: cross-site scripting
Affected: HORDE : Horde 3.0
 SMARTY : Smarty 2.6
 WML : wml 2.0
 SNEWSCMS : SnewsCMS Rus 2.3
 EASYCALENDAR : EasyCalendar 4.0
 MULTIPLETIMESHEE : Mutiple Timesheets 5.0
CVE: CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.)
 CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.)
 CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.)
 CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.)
Original document: DEBIAN, [SECURITY] [DSA 1520-1] New smarty packages fix arbitrary code execution (17.03.2008)
 DEBIAN, [SECURITY] [DSA 1519-1] New horde3 packages fix information disclosure (17.03.2008)
 Jose Luis Góngora Fernández, Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities (17.03.2008)
 Jose Luis Góngora Fernández, EasyCalendar <= 4.0tr - Multiple Remote Vulnerabilities (17.03.2008)
 GENTOO, [ GLSA 200803-23 ] Website META Language: Insecure temporary file usage (17.03.2008)
 no-reply_(at)_aria-security.net, Joomla components com_guide "category" Remote SQL Injection [Aria-Security] (17.03.2008)
 Сергей Моисеев, new vuln in snewscms rus v 2.3 (17.03.2008)

RSA WebID cross-site scripting
Published: 17.03.2008
SecurityVulns ID: 8792
Type: remote
Threat Level: 5/10
Description: Multiple cross-site scripting possibilities.
Affected: RSA : WebID 5.3
CVE: CVE-2005-118
Original document: quentin.berdugo_(at)_hapsis.fr, Security Advisory on RSA Web ID (XSS) (17.03.2008)

Bootix BootManage TFTPD buffer overflow
Published: 17.03.2008
SecurityVulns ID: 8794
Type: remote
Threat Level: 5/10
Description: Buffer overflow on logging.
Affected: BOOTIX : BootManage TFTPD 1.99
 BOOTIX : BootManage Administrator 7.1
Original document: Luigi Auriemma, Buffer-overflow in BootManage TFTPD 1.99 (17.03.2008)
Files: TFTP server tester

VideoLAN VLC media player multiple security vulnerabilities
Updated since: 26.12.2007
Published: 17.03.2008
SecurityVulns ID: 8494
Type: remote
Threat Level: 6/10
Description: Buffer overflow on subtitles parsing, format string vulnerability in Web interface TCP/8080.
Affected: VLC : VLC 0.8
Original document: Luigi Auriemma, VLC highlander bug (17.03.2008)
 Luigi Auriemma, Buffer-overflow and format string in VideoLAN VLC 0.8.6d (26.12.2007)
Files: Exploits Buffer-overflow and format string in VideoLAN VLC 0.8.6d

Raidsonic nas-4220 weak cryptography
Published: 17.03.2008
SecurityVulns ID: 8791
Type: local
Threat Level: 5/10
Description: Encryption key is stored with data.
Affected: RAIDSONIC : NAS-4220-B
Original document: Collin R. Mulliner, raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition) (17.03.2008)

MG-Soft Net Inspector multiple security vulnerabilities
Published: 17.03.2008
SecurityVulns ID: 8793
Type: remote
Threat Level: 7/10
Description: Format string vulnerability, directory traversal, DoS conditions.
Affected: MG-SOFT : Net Inspector 6.5
Original document: Luigi Auriemma, Multiple vulnerabilities in Net Inspector 6.5.0.828 (17.03.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod