Secure Computing Security Reporter multiple security vulnerabilities
Published:		23.07.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		7965
Type:		remote
Level:		6/10
Description:		Authentication bypass and directory traversal.

Affected:

SECURECOMPUTING : SecurityReporter 4.6

Original document

Oliver Karow, [Full-disclosure] Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability (23.07.2007)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		23.07.2007
Source:
SecurityVulns ID:		7963
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		JOOMLA : Joomla 1.5
		PHPME : PHMe CMS 0.0

Original document		joseph.giron13_(at)_gmail.com, Minb Is Not A Blog default password directory (23.07.2007)
		f00_(at)_nowayyyy.de, Webspell 4.x Local File Inclusion (23.07.2007)
		Advisory_(at)_Aria-Security.net, [Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln. (23.07.2007)
		h4ck3riran_(at)_yahoo.com, PHMe CMS 0.0.2 local File Include Vulnerabilitiy (23.07.2007)
		Daniel Fabian, SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS (23.07.2007)

Discuss:

Read or add your comments to this news (0 comments)

Norman Antivirus multiple security vulnerabilities
Published:		23.07.2007
Source:		BUGTRAQ
SecurityVulns ID:		7962
Type:		remote
Level:		6/10
Description:		Protection bypass with .DOC files, division by zero on DOC parsing, multiple buffer overflows on LZH and ACE archives parsing.

Affected:		NORMAN : Norman Virus Control
		NORMAN : Norman Virus Control Plus 5.82
		NORMAN : Norman Virus Control 5.90
		NORMAN : Norman Internet Control 5.90

Original document		security_(at)_nruns.com, n.runs-SA-2007.023 - Norman Antivirus DOC parsing Divide by Zero Advisory (23.07.2007)
		security_(at)_nruns.com, n.runs-SA-2007.022 - Norman Antivirus DOC parsing Detection Bypass Advisory (23.07.2007)
		security_(at)_nruns.com, n.runs-SA-2007.020 - Norman Antivirus ACE parsing Arbitrary Code Execution Advisory (23.07.2007)
		security_(at)_nruns.com, n.runs-SA-2007.021 - Norman Antivirus LZH parsing Arbitrary Code Execution Advisory (23.07.2007)

Discuss:

Read or add your comments to this news (0 comments)

Apache Tomcat crossite scripting updated since 23.07.2007
Published:		04.09.2007
Source:		BUGTRAQ
SecurityVulns ID:		7964
Type:		remote
Level:		5/10
Description:		Crossite scripting in sendmail.jsp, calendar and CookieExample example scripts.

Affected:		APACHE : Tomcat 4.0
		APACHE : Tomcat 4.1
CVE:		CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.)
		CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.)

Original document		tusharvartak_(at)_hotmail.com, Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability (04.09.2007)
		APACHE, CVE-2007-3384: XSS in Tomcat cookies example (03.08.2007)
		Mark Thomas, CVE-2007-3383: XSS in Tomcat send mail example (23.07.2007)

Discuss:

Read or add your comments to this news (0 comments)