Computer Security


Secure Computing Security Reporter multiple security vulnerabilities
Published: 23.07.2007
Source:
SecurityVulns ID: 7965
Type: remote
Threat Level: 6/10
Description: Authentication bypass and directory traversal.
Affected: SECURECOMPUTING : SecurityReporter 4.6
Original document: Oliver Karow, [Full-disclosure] Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability (23.07.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 23.07.2007
Source:
SecurityVulns ID: 7963
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: JOOMLA : Joomla 1.5
 PHPME : PHMe CMS 0.0
Original document: joseph.giron13_(at)_gmail.com, Minb Is Not A Blog default password directory (23.07.2007)
 f00_(at)_nowayyyy.de, Webspell 4.x Local File Inclusion (23.07.2007)
 Advisory_(at)_Aria-Security.net, [Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln. (23.07.2007)
 h4ck3riran_(at)_yahoo.com, PHMe CMS 0.0.2 local File Include Vulnerabilitiy (23.07.2007)
 SEC Consult Vulnerability Lab, SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS (23.07.2007)

Apache Tomcat cross-site scripting
updated since 23.07.2007
Published: 04.09.2007
Source:
SecurityVulns ID: 7964
Type: remote
Threat Level: 5/10
Description: Cross-site scripting in sendmail.jsp, calendar and CookieExample example scripts.
Affected: APACHE : Tomcat 4.0
 APACHE : Tomcat 4.1
CVE: CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.)
 CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.)
Original document: tusharvartak_(at)_hotmail.com, Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability (04.09.2007)
 APACHE, CVE-2007-3384: XSS in Tomcat cookies example (03.08.2007)
 Mark Thomas, CVE-2007-3383: XSS in Tomcat send mail example (23.07.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod