Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.07.2008
SecurityVulns ID: 9159
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Contrexx CMS: cross-site scripting, registration automation.
Affected: CLAROLINE : Claroline 1.8
 CONTREX : Contrexx CMS 2.0
 DEFBLOG : Def_Blog 1.0
Original document: Digital Security Research Group [DSecRG], [DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities (19.07.2008)
 MustLive, Vulnerabilities in Contrexx CMS (19.07.2008)

afuse shell characters problem
Published: 19.07.2008
SecurityVulns ID: 9161
Type: local
Threat Level: 5/10
Description: Privilege escalation with shell characters in filenames.
Affected: AFUSE : afuse 0.1
 AFUSE : afuse 0.2
CVE: CVE-2008-2232
Original document: DEBIAN, [SECURITY] [DSA 1611-1] New afuse packages fix privilege escalation (19.07.2008)

Oracle SQL injection lateral attacks
Updated since 27.04.2008
Published: 19.07.2008
SecurityVulns ID: 8951
Type: library
Threat Level: 5/10
Description: SQL injection into uncontrolled PL/SQL procedures is possible, e.g. by modifying the data format with ALTER SESSION.
Original document: David Litchfield, Lateral SQL Injection Revisited - No Special Privs Required (19.07.2008)
 David Litchfield, A New Class of Vulnerability in Oracle: Lateral SQL Injection (27.04.2008)
Files: LateralSQLInjection

F-Prot antivirus DoS
Published: 19.07.2008
SecurityVulns ID: 9160
Type: remote
Threat Level: 5/10
Description: Out-of-bounds memory access when parsing CHM files.
Affected: FPROT : F-Prot Antivirus 4.4
Original document: security_(at)_nruns.com, n.runs-SA-2008.002 - F-Prot Out-of-Bound Memory Access DoS (remote) (19.07.2008)

HP Select Identity unauthorized access
Published: 19.07.2008
SecurityVulns ID: 9162
Type: remote
Threat Level: 6/10
Description: Unauthorized access via Active Directory Bidirectional LDAP Connector.
Affected: HP : HPSI Active Directory Bidirectional LDAP Connector 2..20
 HP : HPSI Active Directory Bidirectional LDAP Connector 2..30
CVE: CVE-2008-1665
Original document: HP, HPSBMA02346 SSRT080097 rev.2 - HP Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access (19.07.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod