Information security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since March 27, 2006
Published: March 27, 2006
Source:
SecurityVulns ID: 5946
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: INFOPOP : UBBThreads 5.5
 PHPBB : phpBB 2.0
 INVISION : Invision Power Board 1.3
 PHPADSNEW : phpAdsNew 2.0
 PHPOPENADS : phpPgAds 2.0
 PHPMYFAMILY : phpmyfamily 1.4
 CUREPHP : CuteNews 1.4
 NUKEDKLAN : Nuked-Klan 1.7
 JELSOFT : vBulletin 3.5
 MININUKE : Mini-NUKE 1.8
 ABSOLUTELIVE : Absolute Live Support XE 2.0
 DSPORTAL : DSCounter 1.0
 DSPORTAL : DSDownload 1.0
 CUTECAST : CuteCast 1.2
 INFOPOP : UBBThreads 6.0
 EZHOMEPAGEPRO : EZHomepagePro 1.5
 ESCHOOL : E-School 1.0
 METISWARE : Metisware Instructor 1.3
 WEBHOSTINGAUTOMA : Helm Web Hosting Control Panel 3.2
 AZTEK : Aztek 4.0
 TFTGALLERY : TFT Gallery 0.10
 GBOOK : G-Book 1.0
 PHPTICKET : php ticket 0.71
 CALENDEREXPRESS : Calendar Express 2.2
 MEETINGRESERVE : Meeting Reserve 1.0
 SAPHPLESSON : SaphpLesson2.0
 MAMBO : AkoComment 2.0
Original text: dabdoub_mosikar_(at)_forislam.com, nuked-klan<=1.7.5 SQL Injection (27.03.2006)
 SECUNIA, [SA19397] uniForum "websecadmin.aspx" Cross-Site Scripting (27.03.2006)
 mfoxhacker_(at)_gmail.com, SQL injection in VGM Forbin. (27.03.2006)
 Stefan Keller, AkoComment SQL injection vulnerability (27.03.2006)
 xx_hack_xx_2004_(at)_hotmail.com, SQL Injection in SaphpLesson2.0 (27.03.2006)
 SECUNIA, [SA19372] Meeting Reserve Cross-Site Scripting Vulnerability (27.03.2006)
 SECUNIA, [SA19393] Calender Express Cross-Site Scripting Vulnerability (27.03.2006)
 SECUNIA, [SA19415] Absolute Live Support XE Script Insertion Vulnerability (27.03.2006)
 h4cky0u, [Full-disclosure] HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS (27.03.2006)
 h4cky0u, [Full-disclosure] HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities (27.03.2006)
 Matteo Beccati, [Full-disclosure] [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities (27.03.2006)
 r0t, Helm Web Hosting Control Panel XSS vuln. (27.03.2006)
 r0t, Metisware Instructor XSS vuln. (27.03.2006)
 r0t, E-School Management System XSS vuln. and Web Quiz pro XSS vuln. (27.03.2006)
 r0t, EZHomepagePro multiple XSS vuln. (27.03.2006)
 r0t, BlankOL XSS vuln. (27.03.2006)
 dabdoub_mosikar_(at)_forislam.com, UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection (27.03.2006)
 SpiderZ, Xss Vbulletin 3.5.x ( test: 3.5.4 ) (27.03.2006)
 SpiderZ, phpBB v 2.0.X upload html .gif ( "not 2.0.19" ) (27.03.2006)
 SpiderZ, IPB v1.x upload html .gif (27.03.2006)
 SpiderZ, Mini-NUKE v1.8 (27.03.2006)
 SpiderZ, New exploit by SpiderZ (26.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] DSDownload Multiple SQL Injection Vulnerabilities (26.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability (26.03.2006)
Files: Topic infinitely exploit phpBB 2.0.19
 Search infinitely exploit phpBB 2.0.19
 ontinuous recordings CuteCast Version 1.2
 Exploits: Aztek 4.0 Gives Admin rights to a normal user
 CuteNews 1.4.1 (CutePHP.com) Hash password Finder
 tftgallery 0.10 exploit
 php ticket <= 0.71 exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod