 |
|
|
|
| Intellitamper buffer overflow | | Published: |  | 28.12.2008 | | Source: |  | CN4PHUX | | SecurityVulns ID: |  | 9551 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflow on .map file parsing. |
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.12.2008 | | Published: | | 29.12.2008 | | Source: | | | | SecurityVulns ID: | | 9550 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
bbPress: crossite scripting, protection bypass |
| Affected: |  | PHPPGADMIN : phpPgAdmin 4.1 | | | | BBPRESS : bbPress 0.9 | | | | PSYCHOSTATS : PsychoStats 3.1 | | | | PHPPGADMIN : phpPgAdmin 4.2 | | | | JOOMLA : mdigg 2.2 | | | | VIART : ViArt Shopping Cart 3.5 | | CVE: |  | CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/.) | | | | CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.) | | | | CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.) |
|
|
|
|
|
|
|
|
