Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Cryptographp: XSS...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Captcha! wordpress plugin: CAPTCHA protection bypass and XSS...

ht://dig htsearch sort Parameter XSS

The htsearch CGI script is accessible through the remote web server. htsearch is a component of ht://Dig used to index and search documents such as web pages. The version of htsearch installed on the remote host fails to sanitize user-supplied input to the 'sort' parameter before using it to...

kbbestell-exec.txt

"KB-Bestellsystem" is a domain order system written in Perl. The "domain" and "tld" parameters in "kbwhois.cgi" are not filtering shell metacharacters. The following examples will show you the /etc/passwd file:...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Anti Spam Image wordpress plugin: CAPTCHA protection bypass...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Math Comment Spam Protection: Crossite scripting...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Math Comment Spam Protection: CAPTCHA bypass...

Moderate: ruby security update

1.8.5-5.el51.1 - security fix for CVE-2007-5162 and CVE-2007-5770 - ruby-1.8.5-CVE-2007-5162.patch: fix issues that is insufficient verification of SSL certificate. 320331 - Fix the multilib regression issue. 1.8.5-5 - security fix release. - ruby-1.8.5-cgi-CVE-2006-6303.patch: fix a infinite loo...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. MoBiC-21: AIP CAPTCHA bypass...

Unfixed XSS vulnerability at www.searchwhateveraustralia.com.au

Security researcher Uber0n, has submitted on 22/11/2007 a cross-site-scripting XSS vulnerability affecting www.searchwhateveraustralia.com.au, which at the time of submission ranked 1236274 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. ExpressionEngine: crossite scripting through responese splitting...

CVE-2007-6077

The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookieonly attribute from the DEFAULTSESSIONOPTIONS constant, which effectively causes cookieonly to be applied only to the first instantiation of CgiRequest, which allows remote...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Nucleus: CAPTCHA protection bypass...

rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl

rPath Security Advisory: 2007-0242-1 Published: 2007-11-19 Products: rPath Appliance Platform Linux Service 1 rPath Linux 1 Rating: Minor Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: php5=conary.rpath.com@rpl:1/5.2.5-1-1...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. HBH-Fusion: CAPTCHA protection bypass...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Fusion: CAPTCHA protection bypass...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Cryptographp: CAPTCHA protection bypass...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: CAPTCHA protection bypass. Peter’s Random Anti-Spam Image: CAPTACHA protection bypass and crossite scripting...

RHEL 4 : ruby (RHSA-2007:0961)

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was...