Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		26.08.2008
Source:
SecurityVulns ID:		9244
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: crossite scripting.

Affected:		PHPNUKE : PHP-Nuke 7.0
		MININUKE : Mini-NUKE 2.3
		EZCONTENTS : ezContents CMS 2.0
		PLUKCMS : Pluck CMS 4.5
		CALENDARIX : Calendarix 0,8
		CRAFTYSINTAX : Crafty Syntax Live Help 2.14
		ZONEMINDER : ZoneMinder 1.23
		AWSTATS : AWStats Totals 1.14

Original document		elliot.kendall_(at)_emory.edu, Multiple Vulnerabilities in AWStats Totals (26.08.2008)
		filip.palian_(at)_pjwstk.edu.pl, ZoneMinder Multiple Vulnerabilities (26.08.2008)
		byccc_(at)_live.com, Mini-NUKE v2.3 Freehost (tr) Multiple Remote SQL Injection Vulnerabilities (26.08.2008)
		JeiAr, Crafty Syntax Live Help <= 2.14.6 SQL Injection (26.08.2008)
		SECUNIA, Secunia Research: Calendarix Basic Two SQL Injection Vulnerabilities (26.08.2008)
		Digital Security Research Group [DSecRG], [DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2 (26.08.2008)
		Digital Security Research Group [DSecRG], [DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3 (26.08.2008)
		MustLive, Cross-Site Scripting vulnerability in PHP-Nuke (26.08.2008)

Discuss:

Read or add your comments to this news (0 comments)

PartyGaming PartyPoker updates spoofing
Published:		26.08.2008
Source:		BUGTRAQ
SecurityVulns ID:		9245
Type:		m-i-t-m
Level:		4/10
Description:		Cryptography is not used to validate update authenticity.

Original document

Security Objectives Corporation, SECOBJADV-2008-03.2: PartyGaming PartyPoker Malicious Update Vulnerability (26.08.2008)

Discuss:

Read or add your comments to this news (0 comments)

Grub, DiskCryptor, LILO, DriveCrypt, TrueCRYPT and Intel, IBM, HP BIOS disk ebcryption utilities information leak updated since 26.08.2008
Published:		01.09.2008
Source:		BUGTRAQ
SecurityVulns ID:		9247
Type:		local
Level:		5/10
Description:		Cleartext password is not erased from BIOS data buffer.

Affected:		DISKCRYPTOR : DiskCryptor 0.2
		GRUB : Grub Legacy 0.97
		LILO : lilo 22.6
		SECUSTAR : DriveCrypt 3.9
		TRUECRYPT : TrueCrypt 5.0

Original document		iViZ Security Advisories, [IVIZ-08-005] IBM Lenovo BIOS Plain Text Password Disclosure (01.09.2008)
		iViZ Security Advisories, [IVIZ-08-002] Hewlett-Packard BIOS Plain Text Password Disclosure (01.09.2008)
		iViZ Security Advisories, [IVIZ-08-004] Intel BIOS Plain Text Password Disclosure (01.09.2008)
		iViZ Security Advisories, [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage (01.09.2008)
		iViZ Security Advisories, [IVIZ-08-007] DriveCrypt Security Model bypass exploiting wrong BIOS API usage (01.09.2008)
		iViZ Security Advisories, [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage (01.09.2008)
		iViZ Security Advisories, [IVIZ-08-006] DiskCryptor Security Model bypass exploiting wrong BIOS API usage (26.08.2008)
		iViZ Security Advisories, [IVIZ-08-009] Grub Legacy Security Model bypass exploiting wrong BIOS API usage (26.08.2008)

Discuss:

Read or add your comments to this news (0 comments)

Novell iPrint client multiple security vulnerabilities updated since 26.08.2008
Published:		04.09.2008
Source:		BUGTRAQ
SecurityVulns ID:		9246
Type:		client
Level:		5/10
Description:		Information leak, multiple buffer overflow.

Affected:		NOVELL : iPrint Client 4.36
		NOVELL : iPrint Client 5.04

Original document		SECUNIA, Secunia Research: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow (04.09.2008)
		SECUNIA, Secunia Research: Novell iPrint Client ActiveX Control Multiple Buffer Overflows (26.08.2008)
		SECUNIA, Secunia Research: Novell iPrint Client ActiveX Control "GetFileList()" Information Disclosure (26.08.2008)

Discuss:

Read or add your comments to this news (0 comments)