Computer Security


Mozilla Firefox jar: URL cross-site scripting
updated since 12.11.2007
Published:27.11.2007
Source:
SecurityVulns ID:8333
Type:remote
Threat Level: 6/10
Description: It is possible to mount a cross-site scripting attack via the jar: protocol by uploading JAR, DOC, ZIP, etc. files.
Affected:MOZILLA : Firefox 2.0
 MOZILLA : SeaMonkey 1.1
 XULRUNNER : xulrunner 1.8
CVE:CVE-2007-5947 (The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.)
Original document: MOZILLA, Mozilla Foundation Security Advisory 2007-37 (27.11.2007)
 PDP, Web Mayhem: Firefox's JAR: Protocol issues (12.11.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:27.11.2007
Source:
SecurityVulns ID:8380
Type:remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Anti Spam Image WordPress plugin: CAPTCHA protection bypass.
Affected:DELUXEBB : DeluxeBB 1.09
 SIMPLEGALLERY : SimpleGallery 0.1
 PHPNUKE : NSN Script Depository module for PHP-Nuke 1.0
Original document: Jose Luis Góngora Fernández, FIGIS (FILogin.do) Bypass SQL Injection Vulnerability (27.11.2007)
 Jose Luis Góngora Fernández, JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability (27.11.2007)
 kingoftheworld92_(at)_fastwebnet.it, Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure (27.11.2007)
 kingoftheworld92_(at)_fastwebnet.it, PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure (27.11.2007)
 kingoftheworld92_(at)_fastwebnet.it, Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection (27.11.2007)
 Jose Luis Góngora Fernández, SimpleGallery v0.1.3 (index.php) Cross-Site Scripting Vulnerability (27.11.2007)
 Jose Luis Góngora Fernández, FMDeluxe (index.php) Cross-Site Scripting Vulnerability (27.11.2007)
 MustLive, MoBiC-25: Anti Spam Image CAPTCHA bypass (27.11.2007)
Files: DeluxeBB <= 1.09 Remote Admin's/User's Email Change
 Exploits PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure

Safenet Sentinel Protection Server directory traversal
Published:27.11.2007
Source:
SecurityVulns ID:8381
Type:remote
Threat Level: 6/10
Description: Web interface directory traversal.
Affected:SAFENET : Sentinel Protection Server 7.1
 SAFENET : Sentinel Keys Server 1.0
Original document: Elliot Kendall, Directory Traversal in SafeNet Sentinel Protection Server and Keys Server (27.11.2007)
 VulnerabilityResearch_(at)_digitaldefense.net, 2007-06 Sentinel Protection Server Directory Traversal (27.11.2007)

Mozilla Firefox / SeaMonkey multiple security vulnerabilities
Published:27.11.2007
Source:
SecurityVulns ID:8383
Type:remote
Threat Level: 6/10
Description: Multiple memory corruptions and race conditions.
CVE:CVE-2007-5960
 CVE-2007-5959
Original document: MOZILLA, Mozilla Foundation Security Advisory 2007-39 (27.11.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-38 (27.11.2007)

CA BrightStor ARCserve Backup unauthorized RPC access
updated since 27.11.2007
Published:06.12.2007
Source:
SecurityVulns ID:8382
Type:remote
Threat Level: 6/10
Description: Multiple unsafe methods are exposed through the RPC interface.
Affected:CA : Brightstor ARCserve Backup 11.1
 CA : Brightstor ARCserve Backup 11.0
 CA : BrightStor ARCserve Backup 10.5
 CA : BrightStor ARCserve Backup 9.01
 CA : Brightstor ARCserve Backup 11.5
CVE:CVE-2007-5328 (CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code via a "Privileged function exposure.")
Original document: cocoruder, [Full-disclosure] [UPDATE] CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability (06.12.2007)
 ZDI, ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability (27.11.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod