Information Security
Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 13 June 2006
Source:
SecurityVulns ID: 6248
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: ZEROBOARD : Zeroboard 4.1
 PHPCMS : phpCMS 1.2
 INVISION : Invision Power Board 2.1
 COPPERMINE : Coppermine Photo Gallery 1.4
 BOASTMACHINE : boastMachine 3.1
 MYBB : MyBB 1.1
 CZARNEWS : CzarNews 1.14
 FOING : Foing 0.7
 AWEBNEWS : aWebNews 1.0
 CABACOS : Cabacos Web CMS 3.8
 AWFCMS : AWF CMS 1.11
 IGLOOWEB : igloo DoubleSpeak 0.1
 MYSCRAPBOOK : Myscrapbook 3.1
 THWBOARD : ThWboard 3.0
 MYPHPGUESTBOOK : myPHP Guestbook 2.0
 MDNEWS : MD News 1
 SAXON : SAXON 4.6
 SOMERY : Somery 0.4
 FLOG : FLog 1.1
 MAMBLOG : Mamblog 1.0
 WHEATBLOG : wheatblog 1.0
 SUBTEXT : SubText 1.5
 LOGISPHERE : LogiSphere 1.6
 CSFORUM : CS-Forum 0.81
CVE:CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.)
 CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195.)
 CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.)
Original text: SECUNIA, [SA20592] Zeroboard ".htaccess" File Upload Vulnerability (13.06.2006)
 SECUNIA, [SA20534] CS-Forum Multiple Vulnerabilities (13.06.2006)
 SECUNIA, [SA20578] LogiSphere Cross-Site Scripting Vulnerability (13.06.2006)
 SECUNIA, [SA20580] SubText MultiBlog Admin Logon Security Issue (13.06.2006)
 SECUNIA, [SA20583] Cabacos Web CMS "suchtext" Parameter Cross-Site Scripting (13.06.2006)
 SpC-x, wheatblog 1.0 Version - "wb_inc_dir" Parameter File Inclusion Vulnerability (13.06.2006)
 SpC-x, Mamblog 1.0 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, Flog 1.1.2 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, boastMachine v3.1 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, Somery 0.4.4 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, SAXON 4.6 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, CzarNews v1.14 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, MD News 1 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, aWebNews 1.0 version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, Simpnews <= All version - Remote File Include Vulnerabilities (13.06.2006)
 kepche_(at)_msn.com, Invision Power Board XSS (13.06.2006)
 x0r_1_(at)_hotmail.de, MIME-tools 5.411 (Entity 5.404) (13.06.2006)
 666_(at)_hell.de.tk, ThWboard 3.0 <= SQL Injection (13.06.2006)
 darkfire_(at)_f4kelive.zzn.com, Foing (manage_songs.php) Remote File Inclusion[phpBB] (13.06.2006)
 imei, [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack (13.06.2006)
 luny_(at)_youfucktard.com, Myscrapbook v3.1 - XSS (13.06.2006)
 SECUNIA, Secunia Research: MyBB "domecode()" PHP Code Execution Vulnerability (13.06.2006)
 aminrayden_(at)_yahoo.com, igloo DoubleSpeak v 0.1 Multiple remote file inclusion (13.06.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod