| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 24.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8598 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Relay: SQL injection and cross-site scripting. |
| SDL_Image library buffer overflow | | Published: |  | 24.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8599 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflow on GIF parsing. |
| Cisco PIX / Adaptive Security Appliance DoS | | Published: |  | 24.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8601 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Crash on TTL processing if decrement-ttl enabled. |
| HTTP File Serve multiple security vulnerabilities | | Published: |  | 24.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8604 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Cross-site scripting, information disclosure, unauthorized file creation, log manipulation, user name spoofing. |
| ImageShack Toolbar ActiveX unauthorized access | | Published: |  | 24.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8605 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | An insecure method allows read access to local files. |
| Mozilla Firefox chrome: URL directory traversal | | Published: |  | 24.01.2008 | | Source: |  | SECURITEAM | | SecurityVulns ID: |  | 8603 | | Type: |  | client | | Level: |  | 2/10 | | Description: |  | It's possible to access local script files |
Apache multiple security vulnerabilities updated since 12.01.2008 | | Published: |  | 24.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8559 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | mod_proxy_balancer: cross-site scripting, cross-site request forgery, memory corruption, DoS; mod_proxy_ftp, mod_status and mod_negotiation: cross-site scripting. |
| Affected: |  | APACHE : Apache 1.3 | | |  | APACHE : Apache 2.0 | | |  | APACHE : Apache 2.2 | | CVE: |  | CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.) | | |  | CVE-2007-6423 | | |  | CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.) | | |  | CVE-2007-6421 | | |  | CVE-2007-6420 | | |  | CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.) |
| Cisco Application Velocity System default account | | Published: |  | 24.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8602 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Password for default account is not generated during installation. |
HP-UX ARPA transport DoS updated since 15.02.2007 | | Published: |  | 24.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7241 | | Type: |  | remote | | Level: |  | 5/10 |
| Affected: |  | HP : HP-UX 11.11 | | |  | HP : HP-UX 11.23 | | CVE: |  | CVE-2007-6425 | | |  | CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.) | | |  | CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.) |
| Original document |  | HP, [security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) (24.01.2008) |
| |  | HP, [security bulletin] HPSBUX02248 SSRT071437 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) (03.08.2007) |
| |  | HP, [security bulletin] HPSBUX02247 SSRT071432 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) (03.08.2007) |
| |  | HP, HPSBUX02205 SSRT061120 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) (13.04.2007) |
| |  | HP, [security bulletin] HPSBUX02192 SSRT061233 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) (15.02.2007) |
PHP safe mode bypass vulnerability updated since 24.01.2008 | | Published: |  | 12.04.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8600 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | It's possible to access files outside the sandbox directory using the cURL module. |