Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 29.01.2006
Source:
SecurityVulns ID: 5709
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PMWIKI : PmWiki 2.1
 PIXELPOST : Pixelpost Photoblog 1.4
Original document: Aliaksandr Hartsuyeu, [eVuln] Pixelpost Photoblog XSS Vulnerability (29.01.2006)
 ascii, PmWiki Multiple Vulnerabilities (29.01.2006)

Mozilla CSS cross-site scripting
Published: 29.01.2006
Source:
SecurityVulns ID: 5710
Type: client
Threat Level: 5/10
Description: The -moz-binding CSS property allows binding XBL to an element, and XBL may contain scripts. This may lead to cross-site scripting within, e.g., webmail.
Affected: MOZILLA : Firefox 1.0
 NETSCAPE : Netscape 8.1
Original document: Nikolas Coukouma, [Full-disclosure] -moz-binding CSS property: more XSS fun (29.01.2006)

Multiple PHP vulnerabilities
updated since 31.10.2005
Published: 29.01.2006
Source:
SecurityVulns ID: 5398
Type: library
Threat Level: 6/10
Description: phpinfo() cross-site scripting, possible register_globals activation via parse_str(), $GLOBALS variable modification with the HTTP POST form 'fileupload' field. It is also possible to modify any variable with GLOBALS[variable].
Affected: PHP : PHP 5.0
 PHP : PHP 4.4
Original document: ascii, PHP5 Globals Vulnerability: with ?GLOBALS[foobar] you can set the value of the un-initialized $foobar variable. (29.01.2006)
 SECUNIA, [SA17763] PHP "mb_send_mail()" "To:" Header Injection Vulnerability (28.11.2005)
 Juha-Matti Laurio, PHP Version 5.1.0 Update Fixes Several Vulnerabilities (26.11.2005)
 Stefan Esser, [Full-disclosure] Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability (31.10.2005)
 Stefan Esser, [Full-disclosure] Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str() (31.10.2005)
 Stefan Esser, [Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo() (31.10.2005)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod