Очередные ошибки PHP, ASP, CGI дополнено с 23 мая 2005 г.
Опубликовано:		28 мая 2005 г.
Источник:
SecurityVulns ID:		4815
Тип:		удаленная
Опасность:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг и т.д.

Затронутые продукты:		INVISION : Invision Power Board 2.0
		INVISION : Invision Power Board 1.3
		POSTNUKE : PostNuke 0.760
		WORDPRESS : WordPress 1.5
		MYBLOGGIE : myBloggie 2.1
		WEBAPP : WebAPP 0.9
		POSTNUKE : PostNuke 0.750
		PORTAILPHP : PortailPHP 1.3
		PHPMYCART : PHPMyCart 1.3
		JIRO : JiRo's Statistics System 1.0
		COOKIECART : Cookie Cart 4.0
		BLUECOAT : Blue Coat Reporter 7.1
		NEWSLETTEREZ : NewsletterEz 3.0
		GFORGE : gforge 3.1
		MIVA : Miva Merchant 4.0
		FUNKYASP : FunkyASP AD System 1.1
		PHPPC : PHP Poll Creator 1.01
		MAXWEBPORTAL : MaxWebPortal 1.36
		MAXWEBPORTAL : MaxWebPortal 2.0
		ZONGG : ZonGG 1.2
		JAWSGLOSSARY : Jaws Glossary 0.4
		JAWSGLOSSARY : Jaws Glossary 0.5
		PHPSTAT : PhpStat

Оригинальный текст		SoulBlack Group, PHP Stat Administrative User Authentication Bypass (28.05.2005)
		Rapigator, [Full-disclosure] Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability (28.05.2005)
		Alberto Trivero, Microsoft Outlook Express 6.00.2800.1106 (28.05.2005)
		Nah, [Full-disclosure] XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version)) (28.05.2005)
		SECUNIA, [SA15515] ZonGG "password" SQL Injection Vulnerability (27.05.2005)
		SECURITEAM, [EXPL] MaxWebPortal Administrator Password Retrieval (Exploit) (27.05.2005)
		Petey Beege, Invision Power Board 1.* and 2.* Exploit (BID 13529) (27.05.2005)
		rash ilusion, PHP Injection in PHP Poll Creator (26.05.2005)
		SECUNIA, [SA15494] FunkyASP AD System "password" SQL Injection Vulnerability (25.05.2005)
		Kristian Hermansen, [Full-disclosure] Miva Merchant 4.x Tax Calculation Bypass Vulnerability w/ PoC (25.05.2005)
		Filippo Spike Morelli, Gforge - viewFile.php security flaw (25.05.2005)
		SECUNIA, [SA15469] NewsletterEz "Password" SQL Injection Vulnerability (24.05.2005)
		SECUNIA, [SA15452] Blue Coat Reporter Multiple Unspecified Vulnerabilities (24.05.2005)
		SECURITEAM, [UNIX] WordPress Multiple Vulnerability (wp-trackback.php) (24.05.2005)
		SECUNIA, [SA15448] Cookie Cart Exposure of Order Notifications and Passwords (23.05.2005)
		SECUNIA, [SA15443] JiRo's Statistics System "Password" SQL Injection Vulnerability (23.05.2005)
		SECURITEAM, [UNIX] WebApp Arbitrary Code Execution (apage.cgi, Exploit) (23.05.2005)
		mircia mircia, PHPMyCart (latest) is vulnerable to XSS (23.05.2005)
		CENSORED, SQL инъекции в PortailPHP (23.05.2005)
		Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke SQL Injection 0.750=>x (23.05.2005)
		Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x (23.05.2005)
		Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke XSS and Full path disclosure 0.760RC3=>x (23.05.2005)
		Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3} (23.05.2005)

Файлы:		SQL Injection Exploit for WordPress <= 1.5.1.1
Обсудить:		Прочитать или оставить комментарии к новости (0 комментариев)