Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:20.02.2008
Source:
SecurityVulns ID:8704
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS.
Affected:DOKEOS : Dokeos 1.8
 SPYCE : Spyce - Python Server Pages 2.1
 JINZORA : Jinzora Media Jukebox 2.7
 WOLTLAB : WoltLab Burning Board 3.0
 SMARTERTOOLS : SmarterMail Enterprise 4.3
 BEA : Plumtree Foundation portal 6.0
 BEA : AquaLogic Interaction 6.1
Original documentdocumentProCheckUp Research, PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals (20.02.2008)
 documentjplopezy_(at)_gmail.com, SmarterMail Enterprise 4.3 - malformed mail XSS (20.02.2008)
 documentnbbn_(at)_gmx.net, WoltLab Burning Board 3.0.3 PL1 SQL-Injection Vulnerability (20.02.2008)
 documentDigital Security Research Group [DSecRG], [email protected], [email protected], [email protected] (20.02.2008)
 documentProCheckUp Research, PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Module Web_Links SQL Injection(cid) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module eEmpregos SQL Injection(cid) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module wflinks SQL Injection(cid) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module classifieds SQL Injection(cid) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_magazine) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module seminars SQL Injection (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module badliege SQL Injection (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module events SQL Injection (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module vacatures SQL Injection (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_foevpartners) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_genealogy) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_listoffreeads) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_facileforms) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module myTopics-print SQL Injection(articleid) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_geoboerse) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module wflinks SQL Injection(cid) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_detail) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_team (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_formtool) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_iigcatalog) (20.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module section SQL Injection(articleid) (20.02.2008)
 documentDigital Security Research Group [DSecRG], [DSECRG-08-015] Multiple Security Vulnerabilities in Dokeos 1.8.4 (20.02.2008)

Lyris list manager multiple security vulnerabilities
Published:20.02.2008
Source:
SecurityVulns ID:8705
Type:remote
Threat Level:
5/10
Description:Privilege escalation.
Affected:LYRIS : Lyris ListManager 8.95
 LYRIS : Lyris ListManager 9.2
 LYRIS : Lyris ListManager 9.3
CVE:CVE-2007-6319
Original documentdocumentSYMANTEC, SYMSA-2008-001: Lyris ListManager - Multiple Vulnerabilities (20.02.2008)

FreeSSHd DoS
Published:20.02.2008
Source:
SecurityVulns ID:8707
Type:remote
Threat Level:
5/10
Description:NULL pointer dereference on SSH2_MSG_NEWKEYS message.
Original documentdocumentLuigi Auriemma, NULL pointer crash in freeSSHd 1.20 (20.02.2008)
Files:Exploits FreeSSHD <= 1.20 NULL pointer crash

NowSMS SMS/MMS gateway multiple security vulnerabilities
Published:20.02.2008
Source:
SecurityVulns ID:8708
Type:remote
Threat Level:
6/10
Description:Buffer overflows on authentication and on SMPP packets parsing.
Affected:NOWSMS : NowSMS 2007.06
Original documentdocumentLuigi Auriemma, Multiple buffer-overflow in NowSMS v2007.06.27 (20.02.2008)
Files:NowSMS <= v2007.06.27 multiple buffer-overflow

Foxit Remote Access Server (WAC Server) multiple security vulnerabilities
Published:20.02.2008
Source:
SecurityVulns ID:8709
Type:remote
Threat Level:
5/10
Description:Buffer overflow with telnet options, buffer overflow on oversized SSH packet.
Affected:FOXITSOFT : Foxit Remote Access Server 2.0
Original documentdocumentLuigi Auriemma, Two heap overflow in Foxit WAC Server 2.0 Build 3503 (20.02.2008)
Files:WAC Server <= 2.0 Build 3503 double heap overflow

webcamXP information leak
Published:20.02.2008
Source:
SecurityVulns ID:8710
Type:remote
Threat Level:
5/10
Description:Memory content leakage.
Affected:WEBCAMXP : webcamXP 3.72
 WEBCAMXP : webcamXP 4.05
Original documentdocumentLuigi Auriemma, Access violation and limited informations disclosure in webcamXP 3.72.440.0 (20.02.2008)

PCRE library buffer overflow
updated since 20.02.2008
Published:17.04.2008
Source:
SecurityVulns ID:8706
Type:library
Threat Level:
7/10
Description:Buffer overflows on regular expressins with codepoints greatr than 255.
Affected:PCRE : pcre 4.5
 CHIKEN : chicken 3.1
CVE:CVE-2008-1026
 CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.)
 CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.)
Original documentdocumentZDI, ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability (17.04.2008)
 documentGENTOO, [ GLSA 200802-10 ] Python: PCRE Integer overflow (26.02.2008)
 documentFlorian Weimer, [SECURITY] [DSA 1499-1] New pcre3 packages fix arbitrary code execution (20.02.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod