Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 30.01.2008
SecurityVulns ID: 8620
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPKIT : PHPKIT 1.6
 WEBSPELL : Webspell 4.01
 COPPERMINE : Coppermine 1.4
 AMPJUKE : AmpJuke 0.7
 TINYBB : tinyBB 0.2
Original documents: g0rk3m-31_(at)_hotmail.com, Yeşil Koridor Ziyareti Defteri (index.php) SqL. inj. (30.01.2008)
 Janek Vind, [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14 (30.01.2008)
 nbbn_(at)_gmx.net, Webspell 4.01.02 2 Vulnerabilites (30.01.2008)
 g0rk3m-31_(at)_hotmail.com, tinyBB v0.2 Message Board Remote File Inc. (30.01.2008)
 g0rk3m-31_(at)_hotmail.com, AmpJuke-0.7.0 (index.php) Xss VuLn. (30.01.2008)
 nbbn_(at)_gmx.net, PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities (30.01.2008)

LSrunasE and Supercrypt cryptographic vulnerabilities
Published: 30.01.2008
SecurityVulns ID: 8621
Type: local
Threat Level: 5/10
Description: Cryptography is implemented in an insecure way.
Affected: LSRUNAS : LSrunasE 1.0
 SUPERCRYPT : Supercrypt 1.0
CVE: CVE-2007-6340
Original document: Daniel Roethlisberger, Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340) (30.01.2008)

Netkit ftpd FTP server DoS
Published: 30.01.2008
SecurityVulns ID: 8622
Type: remote
Threat Level: 5/10
Description: Uninitialized pointer reference.
Affected: NETKIT : netkit-ftpd 0.17
CVE: CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.)
Original document: GENTOO, [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service (30.01.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod