Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.11.2007
Source:
SecurityVulns ID: 8380
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Anti Spam Image WordPress plugin: CAPTCHA protection bypass.

Safenet Sentinel Protection Server directory traversal
Published: 27.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8381
Type: remote
Level: 6/10
Description: Web interface directory traversal.

Mozilla Firefox / Seamonkey multiple security vulnerabilities
Published: 27.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8383
Type: remote
Level: 6/10
Description: Multiple memory corruptions and race conditions.

Mozilla Firefox jar: URL cross-site scripting (updated since 12.11.2007)
Published: 27.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8333
Type: remote
Level: 6/10
Description: A cross-site scripting attack is possible via the jar: protocol by uploading JAR, DOC, ZIP and similar files.
Affected:
  MOZILLA : Firefox 2.0
  MOZILLA : SeaMonkey 1.1
  XULRUNNER : xulrunner 1.8
CVE: CVE-2007-5947 (The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.)

CA BrightStor ARCserve Backup unauthorized RPC access (updated since 27.11.2007)
Published: 06.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8382
Type: remote
Level: 6/10
Description: Multiple unsafe methods are available through the RPC interface.