Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:24.09.2008
Source:
SecurityVulns ID:9305
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SQUIRRELMAIL : squirrelmail 1.4
 AWSTATS : awstats 6.4
 PHPMYADMIN : phpMyAdmin 2.11
 DATASPADE : Dataspade 1.0
 MYFWB : MyFWB 1.0
 MAPCAL : The Mapping Calendar 0.1
 FUZZYLIME : fuzzylime 3.02
 MANTIS : Mantis 1.1
 BLUEPAGE : Bluepage CMS 2.5
 XTCOMMERCE : xt:Commerce 3.04
 DATALIFECMS : Datalife Engine CMS 7.2
CVE:CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.)
 CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.)
 CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.)
 CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.)
 CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.)
 CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.)
 CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.)
 CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.)
 CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.)
 CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).)
 CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.)
 CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.)
 CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.)
 CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.)
 CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.)
 CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.)
 CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows remote attackers to create new administrative users via user_create.)
Original documentdocumenthadikiamarsi_(at)_hotmail.com, Xss In Datalife Engine CMS 7.2 (24.09.2008)
 documentAesthetico, [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues (24.09.2008)
 documentAesthetico, [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues (24.09.2008)
 documentFabian Fingerle, Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098 (24.09.2008)
 documentjplopezy_(at)_gmail.com, Blue Coat xss (24.09.2008)
 documentGuns_(at)_0x90.com.ar, MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection (24.09.2008)
 documentGuns_(at)_0x90.com.ar, MyFWB 1.0 Remote SQL Injection (24.09.2008)
 documentHanno Bock, menalto gallery: Session hijacking vulnerability, CVE-2008-3102 (24.09.2008)
 documentHanno Bock, drupal: Session hijacking vulnerability, CVE-2008-3661 (24.09.2008)
 documentHanno Bock, Squirrelmail: Session hijacking vulnerability, CVE-2008-3663 (24.09.2008)
 documentr0t, Dataspade xss (24.09.2008)

newsbeuter shell characters vulnerability
Published:24.09.2008
Source:
SecurityVulns ID:9307
Type:remote
Threat Level:
5/10
Description:Shell characters vulnerability on "open-in-browser" command.
Affected:NEWSBEUTER : newsbeuter 1.0
CVE:CVE-2008-3907 (The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.)
Original documentdocumentGENTOO, [ GLSA 200809-12 ] Newsbeuter: User-assisted execution of arbitrary code (24.09.2008)

Aruba Mobility Controller shared certificate
Published:24.09.2008
Source:
SecurityVulns ID:9306
Type:m-i-t-m
Threat Level:
4/10
Description:All devices share same certificate with same private key.
Original documentdocumentnnposter_(at)_disclosed.not, Aruba Mobility Controller Shared Default Certificate (24.09.2008)

Unreal Tournament game server directory traversal
Published:24.09.2008
Source:
SecurityVulns ID:9308
Type:remote
Threat Level:
6/10
Description:Directory traversal in built-in Web-server.
Affected:UNREAL : Unreal Tournament 3 1.3
Original documentdocumentLuigi Auriemma, Directory traversal in the webadmin of Unreal Tournament 3 1.3 (24.09.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod