Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 11 June 2006
Source:
SecurityVulns ID: 6243
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: SNITZ : Snitz Forums 3.4
 JOOMLA : Joomla! 1.0
 RINGLINK : Ringlink 3.2
 FXAPP : fx-APP 0.0
 OPENCMS : OpenCms 6.2
 CABACOS : Cabacos Web CMS 3.8
 CMSCFX : CFXe-CMS 2.0
 ZMS : ZMS 2.9
 IMAGEVUEX : ImageVue Gallery 16.2
 INTEGRAMOD : IntegraMOD 1.4
 EMPRIS : empris 20020923
 AEPARTNER : aePartner 0.8
 PHPONDIRECTORY : phpOnDirectory 1.0
 MAILENABLE : MailEnable Enterprise Edition ASP 2.0
 EPAYROLL : Enterprise TimeSheet and Payroll 1.1
CVE: CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.)
 CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.)
Original text: Kacper, Enterprise TimeSheet and Payroll (EPS) <= v.1.1 Remote File Include Vulnerability (11.06.2006)
 Soroush Dalili, MailEnable Enterprise Edition ASP Version <= 2.0 (11.06.2006)
 Kacper, phpOnDirectory (CONST_INCLUDE_ROOT) <= v.1.0 Remote File Include Vulnerability (11.06.2006)
 Kacper, aePartner (dir[data]) <= v.0.8.3 Remote File Include Vulnerability (11.06.2006)
 Kacper, Emergenices Personnel Information System (Empris) [phormationdir] <= v.20020923 Remote File Include Vulnerability (11.06.2006)
 SECUNIA, [SA20528] IntegraMOD "STYLE_URL" Parameter Cross-Site Scripting (11.06.2006)
 Silitix, [Full-disclosure] ImageVue Gallery : File Upload Vulnerability (11.06.2006)
 farhad koosha, [KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability (11.06.2006)
 c4nberx_(at)_gmail.com, Joomla! 1.0 Remote File Inclusion (11.06.2006)
 Aesthetico, [MajorSecurity #14]CFXe-CMS <= 2.0 - XSS (11.06.2006)
 Aesthetico, [MajorSecurity #13]Cabacos Web CMS<= 3.8 - XSS (11.06.2006)
 Aesthetico, [MajorSecurity #11]OpenCMS<= 6.2.1 - XSS (11.06.2006)
 luny_(at)_youfucktard.com, Tempinbox.com (11.06.2006)
 luny_(at)_youfucktard.com, fx-APP Version 0.0.8.1 (11.06.2006)
 luny_(at)_youfucktard.com, Ringlink v3.2 - XSS (11.06.2006)
Files: Exploits GUESTEX guestbook remote code execution

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod