Search:Vulnerability:29.05.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 29.05.2007
Source:
SecurityVulns ID: 7755
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: EGGBLOG : EggBlog 3.1
DGNEWS : DGNews 2.1
MYWEBLAND : MyEvent 1.6
CVE: CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.)
CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).)
CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.)
CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages.)

Original document Aesthetico, [MajorSecurity Advisory #48]eggblog - Session fixation Issue (29.05.2007)

laurent.gaffie_(at)_gmail.com, Re: DGNews version 2.1 SQL Injection Vulnerability (29.05.2007)

Michal Majchrowicz, [Full-disclosure] Uebimiau Webmail Multiple Vulnerabilities (29.05.2007)

document securityresearch_(at)_netvigilance.com, DGNews version 2.1 Path Disclosure Vulnerability (29.05.2007)

securityresearch_(at)_netvigilance.com, DGNews version 2.1 SQL Injection Vulnerability (29.05.2007)

securityresearch_(at)_netvigilance.com, myEvent version 1.6 Multiple Path Disclosure Vulnerabilities (29.05.2007)

document securityresearch_(at)_netvigilance.com, DGNews version 2.1 XSS Attack Vulnerability (29.05.2007)

Discuss: Read or add your comments to this news (0 comments)

Mac OS X vpnd format string security vulnerability
Published: 29.05.2007
Source: BUGTRAQ
SecurityVulns ID: 7756
Type: remote
Level: 6/10
Description: Formats string vulnerability on -i command line argument parsing.

Affected: APPLE : Mac OS X 10.4
CVE: CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.)

Original document NGSSoftware Insight Security Research Advisory (NISR), Mac OS X vpnd local format string (29.05.2007)

Discuss: Read or add your comments to this news (0 comments)