Очередные ошибки в Web-приложениях (PHP, ASP, CGI, Perl...) дополнено с 26 сентября 2005 г.
Опубликовано:		30 сентября 2005 г.
Источник:
SecurityVulns ID:		5246
Тип:		удаленная
Опасность:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты:		JPORTAL : jPortal 2.2
		MANTIS : Mantis 0.19
		PUNBB : PunBB 1.2
		POSTNUKE : PostNuke 0.760
		JPORTAL : Jportal 2.3
		S9Y : Serendipity 0.8
		PHPFUSION : PHP-Fusion 6.0
		PHPMYFAQ : phpMyFAQ 1.5
		MANTIS : Mantis 1.0
		MAXDEV : MD-Pro 1.0
		PERLDRIVER : perldriver 2.0
		MYLITTLEFORUM : My Little Forum 1.5
		ALSTRASOFT : E-Friends 4.0
		MAILGUST : MailGust 1.9
		GESHI : GeSHi 1.0
		CONTENTSERV : ContentServ 3.1
		MALL23 : Mall23 eCommerce 4.10
		ICDEVGROUP : Interchange 5.2
		MOVABLETYPE : Movable Type 3.1
		SEOBOARD : SEO-Board 1.03
		IPB : Riverdark RSS Syndicator 2.1
		PHPZENER : PHP Zener 1.4
		LUCIDCMS : lucidCMS 1.0
		CJDESIGN : CJLinkOut 1.0
		CJDESIGN : CJ Tag Board 3.0
		CJDESIGN : CJ Web2Mail 3.0
		SQMAIL : SquirrelMail Address Add Plugin 2.0
		JSHOP : Jshop Server 1.3

Оригинальный текст		durito, просмотр файлов в JShop Server 1.3.0 (30.09.2005)
		SECURITEAM, [UNIX] MAXdev MD-Pro Multiple Vulnerabilities (Code Execution, Path Disclosure and CSS) (29.09.2005)
		Nenad Jovanovic, [Full-disclosure] Serendipity: Account Hijacking / CSRF Vulnerability (29.09.2005)
		Moritz Naumann, [Full-disclosure] SquirrelMail Address Add Plugin XSS (29.09.2005)
		retrogod_(at)_aliceposta.it, PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure (29.09.2005)
		SECUNIA, [SA16963] CJ Web2Mail Cross-Site Scripting Vulnerabilities (28.09.2005)
		SECUNIA, [SA16966] CJ Tag Board Cross-Site Scripting Vulnerabilities (28.09.2005)
		SECUNIA, [SA16970] CJ LinkOut "123" Cross-Site Scripting Vulnerability (28.09.2005)
		SECUNIA, [SA16945] jPortal Download Search SQL Injection Vulnerability (28.09.2005)
		ghc_(at)_ghc.ru, SEO borad: SQL injection (28.09.2005)
		x1ngbox_(at)_gmail.com, lucidCMS 1.0.11 is susceptible to a cross site scripting attack (28.09.2005)
		Jose Antonio, Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities (28.09.2005)
		SECUNIA, [SA16934] IPB Riverdark RSS Syndicator Module Cross-Site Scripting (27.09.2005)
		SECUNIA, [SA16949] SEO-Board admin.php SQL Injection Vulnerability (27.09.2005)
		SECUNIA, [SA16899] Movable Type Multiple Weaknesses and Vulnerabilities (26.09.2005)
		SECUNIA, [SA16923] Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities (26.09.2005)
		SECUNIA, [SA16908] PunBB Two Vulnerabilities (26.09.2005)
		SECUNIA, [SA16903] Mall23 eCommerce "idOption_Dropdown_2" SQL Injection Vulnerability (26.09.2005)
		qobaiashi_(at)_gmx.net, [Full-disclosure] ContentServ features remote file disclosure (26.09.2005)
		Maksymilian Arciemowicz, [Full-disclosure] GeSHi Local PHP file inclusion 1.0.7.2 (26.09.2005)
		retrogod_(at)_aliceposta.it, My Little Forum 1.5 / 1.6beta SQL Injection (26.09.2005)
		retrogod_(at)_aliceposta.it, MailGust 1.9 SQL Injection (26.09.2005)
		khc_(at)_bsdmail.org, AlstraSoft E-Friends Remote Command Exucetion (26.09.2005)
		retrogod_(at)_aliceposta.it, PhpMyFAQ 1.5.1 multiple vulnerabilities (26.09.2005)
		krasza_(at)_gmail.com, Sql injection in jPortal version 2.3.1 (module download) (26.09.2005)
		retrogod_(at)_aliceposta.it, My Little Forum 1.5 / 1.6beta SQL Injection (26.09.2005)
		morning_wood, [Full-disclosure] perldiver (26.09.2005)

Файлы:		My Little Forum 1.5 ( possibly prior versions) SQL Injection / MD5 password hash disclosure poc exploit with proxy support
		PHP Zener <=1.4 get user-admin exploit
		Mantis Bugtracker Remote Database Scanner Exploit v 1.0 (with targets)
		PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure
		PhpMyFaq 1.5.1 ( possibly prior versions) shell inject
		Mantis Bugtracker Remote Database Scanner Exploit v 1.0
Обсудить:		Прочитать или оставить комментарии к новости (0 комментариев)