Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:		11 июня 2006 г.
Источник:
SecurityVulns ID:		6243
Тип:		удаленная
Уровень опасности:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты:		SNITZ : Snitz Forums 3.4
		JOOMLA : Joomla! 1.0
		RINGLINK : Ringlink 3.2
		FXAPP : fx-APP 0.0
		OPENCMS : OpenCms 6.2
		CABACOS : Cabacos Web CMS 3.8
		CMSCFX : CFXe-CMS 2.0
		ZMS : ZMS 2.9
		IMAGEVUEX : ImageVue Gallery 16.2
		INTEGRAMOD : IntegraMOD 1.4
		EMPRIS : empris 20020923
		AEPARTNER : aePartner 0.8
		PHPONDIRECTORY : phpOnDirectory 1.0
		MAILENABLE : MailEnable Enterprise Edition ASP 2.0
		EPAYROLL : Enterprise TimeSheet and Payroll 1.1
CVE:		CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.)
		CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.)

Оригинальный текст		Kacper, Enterprise TimeSheet and Payroll (EPS) <= v.1.1 Remote File Include Vulnerability (11.06.2006)
		Soroush Dalili, MailEnable Enterprise Edition ASP Version <= 2.0 (11.06.2006)
		Kacper, phpOnDirectory (CONST_INCLUDE_ROOT) <= v.1.0 Remote File Include Vulnerability (11.06.2006)
		Kacper, aePartner (dir[data]) <= v.0.8.3 Remote File Include Vulnerability (11.06.2006)
		Kacper, Emergenices Personnel Information System (Empris) [phormationdir] <= v.20020923 Remote File Include Vulnerability (11.06.2006)
		SECUNIA, [SA20528] IntegraMOD "STYLE_URL" Parameter Cross-Site Scripting (11.06.2006)
		Silitix, [Full-disclosure] ImageVue Gallery : File Upload Vulnerability (11.06.2006)
		farhad koosha, [KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability (11.06.2006)
		c4nberx_(at)_gmail.com, Joomla! 1.0 Remote File Inclusion (11.06.2006)
		Aesthetico, [MajorSecurity #14]CFXe-CMS <= 2.0 - XSS (11.06.2006)
		Aesthetico, [MajorSecurity #13]Cabacos Web CMS<= 3.8 - XSS (11.06.2006)
		Aesthetico, [MajorSecurity #11]OpenCMS<= 6.2.1 - XSS (11.06.2006)
		luny_(at)_youfucktard.com, Tempinbox.com (11.06.2006)
		luny_(at)_youfucktard.com, fx-APP Version 0.0.8.1 (11.06.2006)
		luny_(at)_youfucktard.com, Ringlink v3.2 - XSS (11.06.2006)

Файлы: