Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: February 16, 2006
Source:
SecurityVulns ID: 5780
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: MYBB : MyBB 1.0
 XMBFORUM : XMB Forum 1.9
 GALLERY : Gallery 1.5
 PHPNUKE : phpNuke 7.8
 ATMAIL : @Mail 4.3
 2200NET : 2200net Calendar system 1.2
 CLEVERCOPY : Clever Copy 3.0
 MYBLOG : My Blog 1.63
 B10M : HTML::BBCode 1.03
 B10M : HTML::BBCode 1.04
 SQUISHDOT : Squishdot 1.5
 PLUMECMS : Plume CMS 1.0
 CGIWARP : CGIWarp 3.10
 WEBSPELL : Webspell 4.01
 TECA : Teca Diary Personal Edition 1.0
Original text: sp3x_(at)_securityreason.com, [Full-disclosure] Critical SQL Injection PHPNuke <= 7.8 - Your_Account module (16.02.2006)
 SECUNIA, [SA18874] @Mail Webmail Image Tag Script Insertion Vulnerability (16.02.2006)
 SECUNIA, [SA18873] Clever Copy Private Message "Subject" Script Insertion Vulnerability (16.02.2006)
 SECUNIA, [SA18876] Teca Diary Personal Edition SQL Injection Vulnerability (16.02.2006)
 SECUNIA, [SA18885] webSPELL "search.php" SQL Injection Vulnerability (16.02.2006)
 SECUNIA, [SA18797] CGIWrap Error Message System Information Disclosure (16.02.2006)
 SECUNIA, [SA18883] Plume CMS prepend.php File Inclusion Vulnerability (16.02.2006)
 SECUNIA, [SA18868] Squishdot Mail Header Injection Vulnerability (16.02.2006)
 Scott Dewey, [Full-disclosure] Wimpy MP3 Player - Text file overwrite vulnerability (16.02.2006)
 Scott Dewey, [Full-disclosure] HostAdmin - Remote Command Execution Vulnerability (16.02.2006)
 Scott Dewey, [Full-disclosure] Web Calendar Pro - Denial of Service SQL Injection Vulnerability (16.02.2006)
 Scott Dewey, [Full-disclosure] iUser Ecommerce - Remote Command Execution Vulnerability (16.02.2006)
 imei, [myimei]MyBB 1.0.3~private.php~multiple SqlInjection (16.02.2006)
 imei, MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS (16.02.2006)
 imei, [myimei]MyBB1.0.3~managegroup.php~Multiple SqlInjection & XSS (16.02.2006)
 Aliaksandr Hartsuyeu, [eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities (16.02.2006)
 Aliaksandr Hartsuyeu, [eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities (16.02.2006)
 Aliaksandr Hartsuyeu, [eVuln] My Blog BBCode XSS Vulnerabilities (16.02.2006)
 JeiAr, XMB Forums Multiple Vulnerabilities (16.02.2006)
 info_(at)_digitalarmaments.com, Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution (16.02.2006)
Files: iUser Remote File Inclusion Exploit
 HostAdmin Remote File Inclusion Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod