Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		26.11.2007
Source:		BUGTRAQ
SecurityVulns ID:		8376
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Math Comment Spam Protection: Crossite scripting.

Affected:		BYTEHOARD : bytehoard 2.1
		PROVERBS : Calendar Proverbs 1.1
		MESSAGINGARCHITE : GWExtranet 3.0

Original document		Hackers Center Security Group, GWExtranet Script Injections & Privilege Escalation Vulnerability (26.11.2007)
		Jose Luis Góngora Fernández, Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection (26.11.2007)
		Ernesto Alvarez, two bytehoard 2.1 bugs (26.11.2007)
		Jose Luis Góngora Fernández, PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability (26.11.2007)
		noreply_(at)_aria-security.net, Aria-Security.Net: Gouae DWD Realty SQL Injection (26.11.2007)
		MustLive, MoBiC-23 Bonus: XSS in Math Comment Spam Protection (26.11.2007)

Discuss:

Read or add your comments to this news (0 comments)

Citrix NetScaler weak cryptography
Published:		26.11.2007
Source:		BUGTRAQ
SecurityVulns ID:		8379
Type:		remote
Level:		5/10
Description:		Username/password are stored as a part of cookie with encryption (XORing with reused key), making it's possible to discover parts of the password.

Affected:		CITRIX : NetScaler 8.0
CVE:		CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.)

Original document

nnposter_(at)_disclosed.not, Citrix NetScaler Web Management Cookie Weakness (26.11.2007)

Discuss:

Read or add your comments to this news (0 comments)

nss_ldap information leak
Published:		26.11.2007
Source:		BUGTRAQ
SecurityVulns ID:		8377
Type:		library
Level:		5/10
Description:		Race conditions in multithread applications.

Affected:		NSSLDAP : nss_ldap 257
CVE:		CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.)

Original document

GENTOO, [ GLSA 200711-33 ] nss_ldap: Information disclosure (26.11.2007)

Discuss:

Read or add your comments to this news (0 comments)

DoS with skype URL handler
Published:		26.11.2007
Source:		BUGTRAQ
SecurityVulns ID:		8378
Type:		client
Level:		5/10
Description:		It's possible to start unlimiteed number of application instances with skype: URL.

Affected:

SKYPE : Skype 3.6

Original document

mail_(at)_me.not, Skype DoS (26.11.2007)

Discuss:

Read or add your comments to this news (0 comments)

PHP safe mode protection bypass with htaccess updated since 27.06.2007
Published:		26.11.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		7859
Type:		local
Level:		5/10
Description:		It's possible to manipulate function ini_set() and session_save_path() with htaccess settings.

Affected:		PHP : PHP 4.4
		PHP : PHP 5.2
CVE:		CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands via php_value directives in .htaccess.)

Original document		Maksymilian Arciemowicz, PHP 5.2.4 mail.force_extra_parameters unsecure (26.11.2007)
		Maksymilian Arciemowicz, [Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability (27.06.2007)

Discuss:

Read or add your comments to this news (0 comments)