Очередные ошибки в Web-приложениях PHP, ASP, CGI - ошибки и эксплоиты

[RU] switch to
English Version

Очередные ошибки в Web-приложениях PHP, ASP, CGI
дополнено с 27 июня 2005 г.
Опубликовано: 2 июля 2005 г.
Источник:
SecurityVulns ID: 4936
Тип: удаленная
Опасность: 5/10
Описание: Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг и т.д.

Затронутые продукты: WEBCALENDAR : WebCalendar 0.9
PHPBB : phpBB 2.0
XOOPS : xoops 2.0
PHPMYFAQ : phpMyFAQ 1.4
HOSTINGCONTROLLE : Hosting Controller 6.1
PHPADSNEW : phpAdsNew 2.0
PHPOPENADS : phpPgAds 2.0
DRUPAL : Drupal 4.5
POSTNUKE : PostNuke 0.760
WORDPRESS : WordPress 1.5
PLANSCALENDAR : Plans 6.7
S9Y : Serendipity 0.8
DRUPAL : Drupal 4.6
CACTI : cacti 0.8
ASPNUKE : ASP-Nuke 1.2
PHPFUSION : PHP-Fusion 6.0
STADTAUS : Form Mail Script 2.0
SUKRU : Sukru Alatas Guestbook 3.0
DYNAMICBIZ : Dynamic Biz Website Builder
CSVDB : CSV_DB 1.0
IDB : i_DB 1.0
COMMUNITY : Community Forum
COMMUNITYLINK : Community Link Pro Web Editor
CGICLUB : imTRBBS 1.02
PAVSTA : Auto Site
COMDEV : eCommerce 3.1
NATEON : NateOn Messenger 3.0
PHPMYFAQ : phpMyFAQ 1.5
NUCLEUS : Nucleus 3.20
OSTICKET : osTicket 1.3
PEAR : XML_RPC 1.3

Оригинальный текст document Stefan Esser, [Full-disclosure] Advisory 05/2005: Cacti Authentification/Addslashes Bypass Vulnerability (02.07.2005)

Stefan Esser, [Full-disclosure] Advisory 04/2005: Cacti Remote Command Execution Vulnerability (02.07.2005)

Stefan Esser, [Full-disclosure] Advisory 03/2005: Cacti Multiple SQL Injection Vulnerabilities [FIXED] (02.07.2005)

document JeiAr, PHPXMLRPC Remote Code Execution (02.07.2005)

ghc_(at)_ghc.ru, [SECURITY ALERT] osTicket bugs (02.07.2005)

JeiAr, PEAR XML_RPC Remote Code Execution Vulnerability (01.07.2005)

SECUNIA, [SA15884] phpPgAds XML-RPC PHP Code Execution Vulnerability (01.07.2005)

document SECUNIA, [SA15895] Nucleus XML-RPC PHP Code Execution Vulnerability (01.07.2005)

SECUNIA, [SA15883] phpAdsNew XML-RPC PHP Code Execution Vulnerability (01.07.2005)

Christopher Kunz, Advisory 02/2005: Remote code execution in Serendipity (01.07.2005)

SECUNIA, [SA15810] phpMyFAQ XML-RPC PHP Code Execution Vulnerability (01.07.2005)

document SECUNIA, [SA15862] Serendipity XML-RPC Unspecified PHP Code Execution Vulnerability (01.07.2005)

SECUNIA, [SA15819] NateOn Messenger Directory Listing Disclosure Vulnerability (30.06.2005)

SECUNIA, [SA15864] Comdev News Publisher Cross-Site Scripting and PHP Code Execution (30.06.2005)

document SECUNIA, [SA15865] Comdev eCommerce Review Script Insertion Vulnerability (30.06.2005)

SECUNIA, [SA15873] Pavsta Auto Site "sitepath" File Inclusion Vulnerability (30.06.2005)

SECUNIA, [SA15861] PEAR XML_RPC Unspecified PHP Code Execution Vulnerability (30.06.2005)

SECUNIA, [SA15855] PostNuke XML-RPC Library PHP Code Execution Vulnerability (30.06.2005)

document SECUNIA, [SA15852] XML-RPC for PHP Unspecified PHP Code Execution Vulnerability (30.06.2005)

Uwe Hermann, [Full-disclosure] [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue (30.06.2005)

Uwe Hermann, [Full-disclosure] [DRUPAL-SA-2005-002] Drupal 4.6.2 / 4.5.4 fixes input validation issue (30.06.2005)

document JeiAr, WordPress 1.5.1.2 && Earlier Multiple Vulnerabilities (30.06.2005)

blahplok_(at)_yahoo.com, Original imTRBBS(ver1.02) and prior remote command execution (30.06.2005)

mozako, [badroot security] Community link pro web editor: Remote command Execution (30.06.2005)

Christopher Kunz, Advisory 02/2005: Remote code execution in Serendipity (30.06.2005)

document SECURITEAM, [EXPL] PHP-Fusion Accessible Database Backups Download (Exploit) (30.06.2005)

SECURITEAM, [EXPL] phpBB Remote PHP Code Execution (viewtopic.php 2) (30.06.2005)

JeiAr, XOOPS 2.0.11 && Earlier Multiple Vulnerabilities (30.06.2005)

Andrew Farmer, Re: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug (29.06.2005)

document ronvdaal, Security Advisory - phpBB 2.0.15 PHP-code injection bug (29.06.2005)

SECUNIA, [SA15854] Plans "evt_id" SQL Injection Vulnerability (29.06.2005)

abducter_minds_(at)_yahoo.com, XSS IN Community forum (28.06.2005)

PHPBB, phpBB 2.0.16 released (28.06.2005)

ActionSpider_(at)_linuxmail.org, Cross-Site Scripting (CSS) in Hosting Controller All Version and hot fix it hehe ;) (28.06.2005)

document SECUNIA, [SA15842] CSV_DB / i_DB Arbitrary Command Execution Vulnerability (28.06.2005)

SECUNIA, [SA15818] Dynamic Biz Website Builder Admin Login SQL Injection (28.06.2005)

SECUNIA, [SA15832] Sukru Alatas Guestbook Exposure of User Credentials (28.06.2005)

Pot Kettle Industries, [Full-disclosure] multihtml exploit vulnerability advisory (28.06.2005)

document Alberto Trivero, M4DR007-07SA (security advisory): Multiple vulnerabilities in ASP Nuke 0.80 (28.06.2005)

shervin khaleghjou, aspnuke is vulnerable to sql injection (28.06.2005)

patr0n, Php инъекция в Form Mail Script (28.06.2005)

SECUNIA, [SA15830] PHP-Fusion Two Vulnerabilities (27.06.2005)

document SECUNIA, [SA15788] WebCalendar "assistant_edit.php" Security Bypass (27.06.2005)

SECURITEAM, [EXPL] ASPNuke SQL Injection Vulnerability (Exploit) (27.06.2005)

Файлы: phpBB Remote PHP Code Execution (viewtopic.php 2)
PHP-Fusion Accessible Database Backups Download Exploit
xmlrpc exploit
XMLRPC remote commands execute exploit
ASPNuke SQL Injection Vulnerability Exploit
Drupal exploit [DRUPAL-SA-2005-002]
Metasploit exploit for PHP XMLRPC
XMLRPC Exploit Code written in Python
SQL Injection Exploit for ASPNuke <= 0.80
Обсудить: Прочитать или оставить комментарии к новости (0 комментариев)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород

test server