Computer Security
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:18.08.2008
Source:BUGTRAQ
SecurityVulns ID:9228
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm for WordPress: Spamming, Envolution: crossite scripting, informaiton leak.
Affected:TURNKEYWEBTOOLS : PHP Live Helper 2.0
 MAMBO : Mambo 4.6
 WORDPRESS : WP-ContactForm 2.0
 ENVOLUTION : Envolution 1.2
 FLEXCMS : FlexCMS 2.5
 MUNKI : munky-bliki 0.01
 NEWSHOWLER : NewsHOWLER 1.03
 OPENFREEWAY : Freeway eCommerce 1.4
Original documentdocumentDigital Security Research Group [DSecRG], [DSECRG-08-036] Multiple Security Vulnerabilities in Freeway eCommerce 1.4.1.171 (18.08.2008)
 documentr3d.w0rm_(at)_yahoo.com, NewsHOWLER 1.03 Beta Cookie Handling Via Sql injection (18.08.2008)
 documentJeiAr, PHP Live Helper <= 2.0.1 Multiple Vulnerabilities (18.08.2008)
 documentr3d.w0rm_(at)_yahoo.com, munky-bliki lfi (18.08.2008)
 documentirancrash_(at)_gmail.com, Mambo 4.6.2 Full Version - Multiple Cross Site Scripting - By Khashayar Fereidani (18.08.2008)
 documentirancrash_(at)_gmail.com, FlexCMS <= 2.5 Cross Site Scripting Vulnerability (18.08.2008)
 documentAlemin_Krali Krali, Vbulletin Plugin ChatBox Xss Vulnerability (18.08.2008)
 documentMustLive, Abuse of Functionality vulnerability in WP-ContactForm for WordPress (18.08.2008)
 documentMustLive, Vulnerabilities in Envolution (18.08.2008)
Files:Exploits munky-bliki Lfi
Discuss:Read or add your comments to this news (0 comments)

MicroWorld MailScan multiple security vulnerabilities
Published:18.08.2008
Source:BUGTRAQ
SecurityVulns ID:9229
Type:remote
Level:6/10
Description:Durectory traversal, authenticatio bypass, crossite scripting, informaiton leak via Web admin page (TCP/10443).
Affected:MICROWORLD : MailScan for Mail Servers 5.6
Original documentdocumentOliver Karow, Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface (18.08.2008)
Discuss:Read or add your comments to this news (0 comments)

Cisco WebEx Meeting Manager ActiveX buffer overflow
Published:18.08.2008
Source:BUGTRAQ
SecurityVulns ID:9230
Type:client
Level:5/10
Description:atucfobj.dll buffer overflow
CVE:CVE-2008-2737 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3558. Reason: This candidate is a duplicate of CVE-2008-3558. Notes: All CVE users should reference CVE-2008-3558 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Original documentdocumentCISCO, Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control (18.08.2008)
Discuss:Read or add your comments to this news (0 comments)

Amarok symbolic links vulnerability
Published:18.08.2008
Source:BUGTRAQ
SecurityVulns ID:9231
Type:local
Level:5/10
Description:Unsafe temporary files creation.
Affected:AMAROK : Amarok 1.4
CVE:CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.)
Original documentdocumentMANDRIVA, [ MDVSA-2008:172 ] amarok (18.08.2008)
Discuss:Read or add your comments to this news (0 comments)

Nokia 6131 phones multiple security vulnerabilities
Published:18.08.2008
Source:BUGTRAQ
SecurityVulns ID:9232
Type:client
Level:5/10
Description:URI spoofing, device crash.
Affected:NOKIA : Nokia 6131
Original documentdocumentCollin R. Mulliner, Nokia 6131 NFC URI/URL Spoofing and DoS Advisory (18.08.2008)
Discuss:Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru