Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:19.04.2007
Source:
SecurityVulns ID:7602
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:GALLERY : Gallery 1.2
 E107 : e107 0.7
 MYBB : MyBB 1.2
 WSDELUXE : NMDeluxe 1.0
 SUNSHOP : SunShop 3.5
 CODEBREAK : CodeBreak 1.1
 JOOMLA : JoomlaPack 1.0 module for Joomla
 JOOMLA : Joomla Template Be2004-2
 JOOMLA : AutoStand Category module for Joomla
 JOOMLA : New Article Component 1.1 module for Joomla
 JOOMLA : Tosmo Mambo 4.0 module for Joomla
 JOOMLA : Calendar (Agenda) 155 module for Joomla
 MXBB : MX Smartor FAP 2.0 module for MXBB
 MXBB : Shotcast 1.0 module for MXBB
 REZERVI : Rezervi Generic 0.9
 OPENMAIRIE : openMairie 1.11
 XOOPS : tsdisplay4xoops 0.1 module for Xoops
 AUDIOCMS : arash 0.1
 WEBSLIDER : Web Slider 0.6
 GARENNES : Garennes 0.6
 WEBKALK2 : WebKalk2 1.9
 JGALLERY : jGallery 1.3
 SUBSYSTEM : Mozzers SubSystem 1.0
 AIMSTATS : AimStats 3.2
 ZOMPLOG : Zomplog 3.8
 ANTHOLOGIA : ANTHOLOGIA 0.5
 MINIGAL : MiniGal b13
 CARBON : Cabron Connector 1.1
 RICARGBOOK : RicarGBooK 1.2
 SHOUTPRO : ShoutPro 1.5
 LSSIMPLE : LS simple guestbook 1
 EXPOW : Expow 0.8
 QDBLOG : QDBlog 0.4
 FROGSS : Frogss CMS 0.7
 PAPOO : Papoo 3.02
 CNSTATS : CNStats 2.9
 PIXARIA : Pixaria Gallery 1.4
 OSP : OpenSurvayPilot 1.2
 CREADIRECTORY : CreaDirectory 1.2
 XAMPP : XAMPP for Windows 1.6
 USEBB : UseBB 1.0
 OPENGROTTO : Open-gorotto 2.0
 OPENADS : Openads 2.3
 SIMPCMS : SimpCMS Light 04.10.2007
CVE:CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.)
 CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.)
 CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/.)
 CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.)
 CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter.)
 CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.)
 CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php.)
 CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message.)
 CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.)
 CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.)
 CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information.)
 CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.)
 CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.)
 CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.)
 CVE-2007-1976 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack.)
Original document:CyberGhost, CreaDirectory v1.2 Remote SQL Injection Vulnerability (19.04.2007)
 Alkomandoz Hacker, osp <= 1.2.1 (cfgPathToProjectAdmin) Remote File Include Vulnerablities (19.04.2007)
 Alkomandoz Hacker, AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities (19.04.2007)
 Alkomandoz Hacker, StoreFront for Gallery (GALLERY_BASEDIR) Remote File Inclusion Vulnerabilities (19.04.2007)
 irvian, sunshop 4 (index.php) Remote File Include Vulnerability (19.04.2007)
 irvian, CNStats 2.9 (who_r.php) Remote File Include Vulnerability (19.04.2007)
 irvian, Pixaria Gallery 1.x (class.Smarty.php) Remote File Include Vulnerability (19.04.2007)
 omnipresent_(at)_email.it, QDBlog v0.4 - MULTIPLE VULNERABILITIES (19.04.2007)
 bilkopat_(at)_hotmail.com, Expow 0.8 File manager Autoindex.php (cfg_file) Remote File Inclusion Vulnerability (19.04.2007)
 Gammarays, LS simple guestbook (v1) Remote Code Execution Vulnerability (19.04.2007)
 Dj7xpl, RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability (19.04.2007)
 Dj7xpl, Cabron Connector 1.1.0-Full Remote File Inclusion Vulnerability: (19.04.2007)
 Dj7xpl, Anthologia 0.5.2 (index.php ads_file) Remote File Inclusion Vulnerability (19.04.2007)
 Dj7xpl, Zomplog 3.8 (force_download.php file) Remote File Disclosure Vuln (19.04.2007)
 Dj7xpl, Mozzers SubSystem final (subs.php) Remote Code Execution Vulnerability (19.04.2007)
 Dj7xpl, jGallery 1.3 (index.php) Remote File Inclusion Vulnerability (19.04.2007)
 GolD_M, WebKalk2 1.9.0 Remote File Include Vulnerablity (19.04.2007)
 GolD_M, Garennes 0.6.1 <= Remote File Include Vulnerablites (19.04.2007)
 GolD_M, Web Slider 0.6(path)Remote File Inclusion Vulnerabilities (19.04.2007)
 GolD_M, audioCMS arash 0.1.4(arashlib_dir)Remote File Inclusion Vulnerabilities (19.04.2007)
 GolD_M, Gallery 1.2.5 <= Remote File Include Vulnerablites (19.04.2007)
 GolD_M, tsdisplay4xoops 0.1(xoops_url)Remote File Include Vulnerabilitiy (19.04.2007)
 GolD_M, openMairie 1.11(/scr/soustab.php)Local File Inclusion Vulnerabilitiy (19.04.2007)
 GolD_M, Rezervi Generic 0.9(root)Remote File Include Vulnerablities (19.04.2007)
 bd0rk_(at)_hackermail.com, mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability (19.04.2007)
 Mahmood_ali, com_mosmedia for Mambo & Jommla <= Remote File Include Vulnerability (19.04.2007)
 Cold Zero, Mambo module Calendar (Agenda) <= 155 (com_calendar.php) Multiple RFI Vuln (19.04.2007)
 Cold Zero, Mambo/Joomla Module Weather (absolute_path) Remote File include Vuln (19.04.2007)
 Cold Zero, Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities (19.04.2007)
 Cold Zero, Mambo/Joomla Component New Article Component <= 1.1 (absolute_path) Multiple RFI (19.04.2007)
 Cold Zero, Joomla Module AutoStand Category <= 1.1 Remote File include Vulnerabilities (19.04.2007)
 Cold Zero, Jommla Component JoomlaPack 1.0.4a2 RE (CAltInstaller.php) Remote File Include Vulnerabilities (19.04.2007)
Files:Exploits CodeBreak (codebreak.php process_method) - Remote File Inclusion Vulnerability
 Joomla Template Be2004-2 (index.php) Remote File Include Exploit
 mxBB Module MX Shotcast 1.0 RC2 (getinfo1.php) Remote File Include Exploit
 AimStats 3.2 (process.php update) Remote Code Execution Exploit
 MiniGal b13 Remote Code Execution Exploit
 Mybb <= 1.2.2 Remote SQL Injecton Exploit v.2.0
 E107 - (v0.7.8) Access Escalation Vulnerbility - PoC
 ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
 Papoo <= 3.02 (kontakt menuid) Remote SQL Injection Exploit
 Frogss CMS <= 0.7 SQL Injection Exploit
 NMDeluxe 1.0.1 (template) Local File Inclusion Exploit
 XAMPP for Windows <= 1.6.0a adodb.php/mssql_connect() remote buffer overflow proof-of-concept exploit
 freePBX 2.2.x full-log XSS PoC

lighttpd multiple denial of service conditions
Published:19.04.2007
Source:
SecurityVulns ID:7603
Type:remote
Threat Level:6/10
Description:NULL pointer dereference, infinite loop.
Affected:LIGHTTPD : lighttpd 1.4
CVE:CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.)
 CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.)

Python information leak
Published:19.04.2007
Source:
SecurityVulns ID:7604
Type:library
Threat Level:5/10
Description:strxfrm function leaks memory content.
Affected:PYTHON : python 2.4
 PYTHON : python 2.5
CVE:CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.)

bftpd FTP server buffer overflow
Published:19.04.2007
Source:
SecurityVulns ID:7605
Type:remote
Threat Level:5/10
Affected:BFTPD : bftpd 1.7
CVE:CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.)

lha symbolic links problem
Published:19.04.2007
Source:
SecurityVulns ID:7606
Type:local
Threat Level:5/10
Description:Symbolic link problem on temporary file creation.
CVE:CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.)

ScramDisk 4 for Linux privilege escalation
Published:19.04.2007
Source:
SecurityVulns ID:7607
Type:local
Threat Level:5/10
Description:The SUID bit is not cleared; it is possible to mount an image onto a system directory.
Affected:SCRAMDISK : ScramDisk 4 1.0
CVE:CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container.)
 CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers.)

Sun Solaris fragmented IP packets DoS
Published:19.04.2007
Source:
SecurityVulns ID:7608
Type:remote
Threat Level:6/10
Affected:ORACLE : Solaris 8
 ORACLE : Solaris 9
 ORACLE : Solaris 10
CVE:CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.)
Files:SunOS 5.10 ICMP Remote Kernel Crash Exploit Code

TinyMux multiple security vulnerabilities
Published:19.04.2007
Source:
SecurityVulns ID:7609
Type:remote
Threat Level:5/10
Description:Multiple denial of service conditions.
Affected:TINYMUX : TinyMUX 2.3
CVE:CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection.")
 CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.)

Wizz RSS Reader Mozilla plugin cross-site scripting
Published:19.04.2007
Source:
SecurityVulns ID:7610
Type:client
Threat Level:5/10
Description:Cross-site scripting with RSS feeds.
Affected:MOZILLA : Wizz RSS Reader 2.1
CVE:CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.)

Linux AppleTalk DoS
Published:19.04.2007
Source:
SecurityVulns ID:7611
Type:remote
Threat Level:5/10
Description:Denial of Service on AppleTalk frame parsing.
Affected:LINUX : kernel 2.6
CVE:CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.)

IBM WebSphere multiple security vulnerabilities
Published:19.04.2007
Source:
SecurityVulns ID:7612
Type:remote
Threat Level:6/10
Description:Double free() vulnerability, Servlet Engine vulnerabilities.
Affected:IBM : WebSphere 6.1
CVE:CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.)
 CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double-free vulnerability.)

Roxio CinePlayer ActiveX buffer overflow
Published:19.04.2007
Source:
SecurityVulns ID:7613
Type:client
Threat Level:5/10
Description:Buffer overflow in SonicDVDDashVRNav.dll.
Affected:ROXIO : CinePlayer 3.2
CVE:CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via unspecified properties and methods in the SonicDVDDashVRNav.dll ActiveX control.)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod