Search:Vulnerability:27.11.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.11.2007
Source:
SecurityVulns ID: 8380
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Anti Spam Image wordpress plugin: CAPTCHA protection bypass.

Affected: DELUXEBB : DeluxeBB 1.09
SIMPLEGALLERY : SimpleGallery 0.1
PHPNUKE : NSN Script Depository module for PHP-Nuke 1.0

Original document Jose Luis Góngora Fernández, FIGIS (FILogin.do) Bypass SQL Injection Vulnerability (27.11.2007)

Jose Luis Góngora Fernández, JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability (27.11.2007)

kingoftheworld92_(at)_fastwebnet.it, Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure (27.11.2007)

document kingoftheworld92_(at)_fastwebnet.it, PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure (27.11.2007)

kingoftheworld92_(at)_fastwebnet.it, Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection (27.11.2007)

Jose Luis Góngora Fernández, SimpleGallery v0.1.3 (index.php) Cross-Site Scripting Vulnerability (27.11.2007)

document Jose Luis Góngora Fernández, FMDeluxe (index.php) Cross-Site Scripting Vulnerability (27.11.2007)

MustLive, MoBiC-25: Anti Spam Image CAPTCHA bypass (27.11.2007)

Files: DeluxeBB <= 1.09 Remote Admin's/User's Email Change
Exploits PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure
Discuss: Read or add your comments to this news (0 comments)

Safenet Sentinel Protection Server directory traversal
Published: 27.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8381
Type: remote
Level: 6/10
Description: Web interface directory traversal.

Affected: SAFENET : Sentinel Protection Server 7.1
SAFENET : Sentinel Keys Server 1.0

Original document Elliot Kendall, Directory Traversal in SafeNet Sentinel Protection Server and Keys Server (27.11.2007)

VulnerabilityResearch_(at)_digitaldefense.net, 2007-06 Sentinel Protection Server Directory Traversal (27.11.2007)

Discuss: Read or add your comments to this news (0 comments)

Mozilla Firefox / Seamonkey multiple security vulnerabilities
Published: 27.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8383
Type: remote
Level: 6/10
Description: Multiple memory corruptions and race conditions.

CVE: CVE-2007-5960
CVE-2007-5959

Original document MOZILLA, Mozilla Foundation Security Advisory 2007-39 (27.11.2007)

MOZILLA, Mozilla Foundation Security Advisory 2007-38 (27.11.2007)

Discuss: Read or add your comments to this news (0 comments)

Mozilla Forefox jar: URL crossite scripting
updated since 12.11.2007
Published: 27.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8333
Type: remote
Level: 6/10
Description: It's possible to fire crossite scripting attack via jar: protocol by uploading JAR, DOC, ZIP, etc files.

Affected: MOZILLA : Firefox 2.0
MOZILLA : SeaMonkey 1.1
XULRUNNER : xulrunner 1.8
CVE: CVE-2007-5947 (The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.)

Original document MOZILLA, Mozilla Foundation Security Advisory 2007-37 (27.11.2007)

PDP, Web Mayhem: Firefox�s JAR: Protocol issues (12.11.2007)

Discuss: Read or add your comments to this news (0 comments)

CA BrightStor ARCserve Backup unauthorized RPC access
updated since 27.11.2007
Published: 06.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8382
Type: remote
Level: 6/10
Description: Multiple unsafe methods are available with RPC interface.

Affected: CA : Brightstor ARCserve Backup 11.1
CA : Brightstor ARCserve Backup 11.0
CA : BrightStor ARCserve Backup 10.5
CA : BrightStor ARCserve Backup 9.01
CA : Brightstor ARCserve Backup 11.5
CVE: CVE-2007-5328 (CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code via a "Privileged function exposure.")

Original document cocoruder, [Full-disclosure] [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability (06.12.2007)

ZDI, ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability (27.11.2007)

Discuss: Read or add your comments to this news (0 comments)