Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:13 февраля 2006 г.
Источник:
SecurityVulns ID:5760
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:XMB : XMB 1.9
 E107 : e107 0.7
 PHPNUKE : PHP-Nuke 7.8
 PLAINBLACK : WebGUI 6.8
 CPAINT : CPAINT 2.0
 SUPERSMASHBROTHE : Invision Power Board Army System Mod 2.1
 VHCS : VHCS 2.4
 RUNCMS : Runcms 1.3
 HINTONDESIGN : phphg Guestbook 1.2
 HINTONDESIGN : phpht Topsites 1.3
 IMAGEVUEX : imageVue 16.1
 HIVEMAIL : HiveMail 1.3
 LINPHA : Linpha 1.0
 DOCMGR : DocMGR
 DBESESSION : DB_eSession 1.0
 SITEFRAME : Siteframe 5.0
 ANSILOVE : Ansilove 1.02
Оригинальный текстdocumentSECUNIA, [SA18810] Ansilove File Disclosure and File Upload Vulnerabilities (13.02.2006)
 documentSECUNIA, [SA18804] Siteframe "q" Cross-Site Scripting Vulnerability (13.02.2006)
 documentSECUNIA, [SA18805] DB_eSession "deleteSession()" Function SQL Injection (13.02.2006)
 documentSECUNIA, [SA18819] WebGUI User Account Creation Vulnerability (13.02.2006)
 documentSECUNIA, [SA18821] XMB Forums today.php Cookie Data SQL Injection (13.02.2006)
 documentSECUNIA, [SA18820] PHP-Nuke "pagetitle" Cross-Site Scripting Vulnerability (13.02.2006)
 documentSECUNIA, [SA18816] e107 Unspecified BBCode Script Insertion Vulnerabilities (13.02.2006)
 documentSECUNIA, [SA18803] DocMGR process.php File Inclusion Vulnerability (13.02.2006)
 documentGod Of Death (G.O.D), [Full-disclosure] XSS in PlaySMS (13.02.2006)
 documentJeiAr, Linpha <= 1.0 multiple arbitrary local inclusion (13.02.2006)
 documentJeiAr, HiveMail <= 1.3 Multiple Vulnerabilities (13.02.2006)
 documentzjieb_(at)_hotmail.com, imageVue16.1 upload vulnerability (13.02.2006)
 documentAliaksandr Hartsuyeu, [eVuln] phpht Topsites Multiple Vulnerabilities (13.02.2006)
 documentAliaksandr Hartsuyeu, [eVuln] phphg Guestbook Multiple Vulnerabilities (13.02.2006)
 documentAliaksandr Hartsuyeu, [eVuln] GuestBookHost Authentication Bypass (13.02.2006)
 documentrgod_(at)_autistici.org, runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package (13.02.2006)
 documentAliaksandr Hartsuyeu, [eVuln] Unknown Domain Shoutbox multiple XSS & SQL Injection Vulnerabilities (13.02.2006)
 documentRoman Medina, [VulnWatch] RS-2006-1: Multiple flaws in VHCS 2.x (13.02.2006)
 documentSecuBox fRoGGz, Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit (13.02.2006)
 documentJeiAr, CPAINT AJAX Library Cross Site Scripting (13.02.2006)
Файлы:Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород