Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl ) дополнено с 19 июля 2007 г.
Опубликовано:		19 июля 2007 г.
Источник:
SecurityVulns ID:		7944
Тип:		удаленная
Уровень опасности:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты:		SIMPLEMACHINES : Simple Machines Forum 1.0
		LEDGERSMB : LedgerSMB 1.2
		INSANELYSIMPLE : Insanely Simple Blog 0.5
		MAILMARSHAL : MailMarshal SMTP 6.2
		GEOBLOG : Geoblog 1
		DOKUWIKI : DokuWiki 2007-06-26
CVE:		CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.)
		CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.)

Оригинальный текст		Cyrill Brunschwiler, DokuWiki suffers XSS (19.07.2007)
		joseph.giron13_(at)_gmail.com, Geoblog v1 administrator bypass (19.07.2007)
		Gary O'leary-Steele, [Full-disclosure] [Sec-1 Ltd] Advisory: MailMarshal Spam Quarantine Password Retrieval Vulnerability (19.07.2007)
		Chris Travers, Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6 (19.07.2007)
		Chris Travers, Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940 (19.07.2007)
		UBUNTU, [USN-487-1] Dovecot vulnerability (19.07.2007)
		joseph.giron13_(at)_gmail.com, Insanely simple blog - Multiple vulnerabilities (19.07.2007)
		sirn0n_(at)_yahoo.com, LFI On SMF 1.1.3 (19.07.2007)
		Matthew Cook, ExLibris Aleph and Metalib Cross Site Scripting Attack (19.07.2007)