Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 17.03.2008 |
| Source: | |
| SecurityVulns ID: | 8790 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| | SnewsCMS Rus 2.3: cross-site scripting |
| Affected: | HORDE : Horde 3.0 |
| | SMARTY : Smarty 2.6 |
| | WML : wml 2.0 |
| | SNEWSCMS : SnewsCMS Rus 2.3 |
| | EASYCALENDAR : EasyCalendar 4.0 |
| | MULTIPLETIMESHEE : Multiple Timesheets 5.0 |
| CVE: | CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.) |
| | CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.) |
| | CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.) |
| | CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.) |

RSA WebID cross-site scripting
| Published: | 17.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8792 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Multiple cross-site scripting possibilities. |

Bootix BootManage TFTPD buffer overflow
| Published: | 17.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8794 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Buffer overflow on logging. |

VideoLAN VLC media player multiple security vulnerabilities updated since 26.12.2007
| Published: | 17.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8494 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Buffer overflow on subtitles parsing, format string vulnerability in Web interface TCP/8080. |

Raidsonic nas-4220 weak cryptography
| Published: | 17.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8791 |
| Type: | local |
| Level: | 5/10 |
| Description: | Encryption key is stored with data. |

MG-Soft Net Inspector multiple security vulnerabilities
| Published: | 17.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8793 |
| Type: | remote |
| Level: | 7/10 |
| Description: | Format string vulnerability, directory traversal, DoS conditions. |