Vulnerabilities digest Aug 21 2007 07:36PM
3APA3A (3APA3A SECURITY NNOV RU)
Dear bugtraq (at) securityfocus (dot) com [email concealed],

there is a number of vulnerabilities unpublished in English yet

1. Dmitry Zubov reports Planet VC-200M VDSL2 router administration
interface DoS vulnerability.

An HTTP request with a missing Host: header prevents administration
interface access until reboot. The vendor was reportedly contacted, but
failed to react.

SecurityVulns issue:
Original message (in Russian):

2. MustLive reports a low-risk (requires social engineering), yet
interesting example of cross-site scripting in Internet Explorer. Local
zone scripting is possible on accessing a saved page with the original URL
in the form of


Internet Explorer 6.0 was tested.

SecurityVulns Issue:
Additional Information (in Ukrainian):
Original message (in Russian):

3. MustLive reports a cross-site scripting vulnerability in Search Engine


leads to cross-site scripting.

Additional information (in Ukrainian):
Original message (in Russian):

4. MustLive reports a vulnerability in the Sirius 1.0, Blix 0.9.1 and Blix
0.9.1 Rus, Pool 1.0.7 themes for WordPress and also the WordPress Classic
1.5 theme; the last one is already fixed in WordPress 2.1.3.

Insufficient filtering of the PHP_SELF variable leads to cross-site
scripting with a request like

Additional information (in Ukrainian):
Original messages (in Russian):

5. MustLive reports cross-site scripting in coWiki

with request

Additional information:
Original message:

6. Ivan Niiiil ( reports vulnerabilities in
Linkliste 1.2, Butterfly online visitors counter 1.08, mcLinksCounter
1.2, My_REFERER 1.08.

Original messages in English are available from

7. Okan Alp ( reports vulnerabilities in
different Web applications.

Original messages in English are available from

ZARAZA U 3APA3A
You know my name - look up my number (The Beatles)
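The PHP_SELF issue in item 4 comes from themes that echo `$_SERVER['PHP_SELF']` into a form's action attribute without escaping. The following is an added illustration, not code from the digest or from any of the themes it names; the function names and the constructed sample value are assumptions made for the example.

```php
<?php
// Added example (not from the digest or the named themes). PHP_SELF is built
// from the request URI, including any PATH_INFO appended after the script
// name, so its value is under the requester's control and must be treated as
// untrusted output, not as a safe self-reference.

// Vulnerable pattern: the value is placed in an HTML attribute unescaped.
function search_form_unsafe(string $php_self): string
{
    return '<form method="get" action="' . $php_self . '">'
         . '<input type="text" name="s" /></form>';
}

// Hardened pattern: escape for the HTML attribute context before output.
function search_form_safe(string $php_self): string
{
    $action = htmlspecialchars($php_self, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="get" action="' . $action . '">'
         . '<input type="text" name="s" /></form>';
}

// Better still: do not derive the action from the request at all. A fixed,
// server-side known URL (the site root, for example) removes the sink entirely.
function search_form_fixed(string $site_root): string
{
    $action = htmlspecialchars($site_root, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="get" action="' . $action . '">'
         . '<input type="text" name="s" /></form>';
}

// Constructed sample value containing attribute-breaking characters.
$sample = '/index.php/"><b>x</b>';
echo search_form_unsafe($sample), "\n"; // attribute closes early, markup lands in the page
echo search_form_safe($sample), "\n";   // quotes and angle brackets become entities, value stays inside the attribute
echo search_form_fixed('/'), "\n";      // request-independent action
```

The escaped output is what a code reviewer should expect to see wherever a theme reflects any `$_SERVER` value into markup.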

Re: Vulnerabilities digest Aug 22 2007 10:16PM
Steven M. Christey (coley linus mitre org)