Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 29.05.2007
Source:
SecurityVulns ID: 7755
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: EGGBLOG : EggBlog 3.1
 DGNEWS : DGNews 2.1
 MYWEBLAND : MyEvent 1.6
CVE: CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.)
 CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).)
 CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.)
 CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages.)
Original document: Aesthetico, [MajorSecurity Advisory #48] eggblog - Session fixation Issue (29.05.2007)
 laurent gaffie, Re: DGNews version 2.1 SQL Injection Vulnerability (29.05.2007)
 Michal Majchrowicz, [Full-disclosure] Uebimiau Webmail Multiple Vulnerabilities (29.05.2007)
 securityresearch_(at)_netvigilance.com, DGNews version 2.1 Path Disclosure Vulnerability (29.05.2007)
 securityresearch_(at)_netvigilance.com, DGNews version 2.1 SQL Injection Vulnerability (29.05.2007)
 securityresearch_(at)_netvigilance.com, myEvent version 1.6 Multiple Path Disclosure Vulnerabilities (29.05.2007)
 securityresearch_(at)_netvigilance.com, DGNews version 2.1 XSS Attack Vulnerability (29.05.2007)

Mac OS X vpnd format string security vulnerability
Published: 29.05.2007
Source:
SecurityVulns ID: 7756
Type: remote
Threat Level: 6/10
Description: Format string vulnerability in -i command-line argument parsing.
Affected: APPLE : Mac OS X 10.4
CVE: CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.)
Original document: NGSSoftware Insight Security Research Advisory (NISR), Mac OS X vpnd local format string (29.05.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod