Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: April 19, 2006
Source:
SecurityVulns ID: 6023
Type: remote
Threat level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: MAMBOSERVER : Mambo Server 4.6
 CUREPHP : CuteNews 1.4
 PLEXUM : PlexCart X3
 SWSOFT : Confixx 3.1
 BOARDSOLUTION : Boardsolution 1.12
 FUJU : fuju news 1.0
 PHPSURVEYOR : PHPSurveyor 0.995
 AWSTATS : AWStats 6.5
 PLEXUM : Plexum X5
 BANNERFARM : BannerFarm 2.3
 INTELLILINK : IntelliLink 5.06
 COMMUNIMAIL : CommuniMail 1.2
 VISALE : Visale 1.0
 PHPLISTER : phpLister 0.4
 INTERNETPHOTOSHO : Internet Photoshow 1.3
 PHPNETTOOLS : PHP Net Tools 2.7
 BLACKORPHEUS : Blackorpheus ClanMemberSkript 1.0
 PMTOOL : PMTool 1.2
 TOTALCALENDAR : TotalCalendar 2.0
 ACTUALSCRIPTS : ActualAnalyzer Lite 2.72
 ACTUALSCRIPTS : ActualAnalyzer Gold 7.63
 ACTUALSCRIPTS : ActualAnalyzer Server 8.23
 PHPFABER : phpFaber TopSites 1.9
 WARFORGE : warforge.NEWS 1.0
CVE: CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure.)
Original text: SECUNIA, [SA19697] warforge.NEWS Multiple Vulnerabilities (19.04.2006)
 SECUNIA, [SA19652] phpFaber TopSites "page" Cross-Site Scripting Vulnerability (19.04.2006)
 susam.pal_(at)_gmail.com, XSS Vulnerability in Guest-book script powered by Community Architect (19.04.2006)
 Aesthetico, [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability (19.04.2006)
 SECUNIA, [SA19730] TotalCalendar "inc_dir" File Inclusion Vulnerability (19.04.2006)
 SECUNIA, [SA19654] Boardsolution "keyword" Cross-Site Scripting Vulnerability (19.04.2006)
 SECUNIA, [SA19685] PMTool "order" SQL Injection Vulnerabilities (19.04.2006)
 SECUNIA, [SA19726] Internet Photoshow "page" File Inclusion Vulnerability (19.04.2006)
 sn4k3.23_(at)_gmail.com, CuteNews 1.4.1 <= Cross Site Scripting (19.04.2006)
 Defa, [Full-disclosure] Confixx Index.PHP SQL Injection Vulnerability (Exploit - not new vuln) (19.04.2006)
 alireza hassani, [KAPDA::#41] - Mambo/Joomla rss component vulnerability (19.04.2006)
 botan_(at)_linuxmail.org, phpLister v. 0.4.1 XSS Attacking (19.04.2006)
 r0t, Visale XSS vuln. (19.04.2006)
 r0t, CommuniMail XSS vuln. (19.04.2006)
 r0t, IntelliLink Pro XSS vuln. (19.04.2006)
 r0t, BannerFarm XSS vuln. (19.04.2006)
 r0t, PlexCart X3 SQL Injection Vulnerability (19.04.2006)
 r0t, Plexum X5 SQL vuln. (19.04.2006)
 r0t, AWStats 6.5 vuln. (19.04.2006)
 omnipresent_(at)_email.it, phpsurveyor Multiple Vulnerabilities (19.04.2006)
Files: PHP Net Tools Remote Code Execution Exploit
 Internet PhotoShow Remote File Inclusion Exploit
 Exploits Blackorpheus ClanMemberSkript 1.0 remote sql injection
 Exploits fuju news 1.0 remote sql injection
 Mambo/Joomla Path Disclosure & Remote DOS Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod