Computer Security


Cygwin setup packages spoofing
Published: 26.07.2008
SecurityVulns ID: 9173
Type: client
Threat Level: 4/10
Description: Package source authenticity is not checked during the installation procedure.
Original document: advisories_(at)_host.security-objectives.com, SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability (26.07.2008)

Apple Safari memory corruption
Published: 26.07.2008
SecurityVulns ID: 9175
Type: client
Threat Level: 5/10
Description: Memory corruption on stylesheet parsing.
CVE: CVE-2008-2317 (WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.)
Original document: ZDI, ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability (26.07.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl), updated since 26.07.2008
Published: 29.07.2008
SecurityVulns ID: 9174
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. FireStats WordPress plugin: cross-site scripting, automation protection bypass, DoS, information leak, unauthorized access.
Affected: POSTNUKE : PostNuke 0.726
 PIXELPOST : Pixelpost 1.7
 XRMS : XRMS 1.99
 FIRESTATS : FireStats 1.0
 JAMROOM : Jamroom 3.3
 WEBWIZ : Web Wiz Rich Text Editor 4.02
 VIART : ViArt 3.5
 OWL : Owl 0.95
 PHPJOBSCHEDULER : PhpJobScheduler 3.1
CVE: CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php.)
Original documents:
 Ghost hacker, PhpJobScheduler 3.1 Remote File Inclusion Vulnerability (29.07.2008)
 Fabian Fingerle, Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100 (29.07.2008)
 JeiAr, ViArt <= 3.5 SQL Injection (29.07.2008)
 supportrup_(at)_gmail.com, Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02 (29.07.2008)
 JeiAr, JamRoom <= 3.3.8 Authentication Bypass (29.07.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1 (29.07.2008)
 MustLive, Vulnerabilities in FireStats (29.07.2008)
 MustLive, Multiple vulnerabilities in FireStats (29.07.2008)
 HACKERS PAL, ezContents CMS Renote File inclusion (26.07.2008)
 azzcoder_(at)_hotmail.com, XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities (26.07.2008)
 MustLive, Vulnerabilities in PostNuke Phoenix (26.07.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod