Information Security


Daily digest of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 15 June 2006
Source:
SecurityVulns ID: 6262
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information disclosure, etc.
Affected products: VBZOOM : VBZooM 1.01
 TIKIWIKI : tikiwiki 1.9
 VBZOOM : VBZooM 1.11
 PHPBANNEREXCHANG : phpBannerExchange 2.0
 BLUR6EX : blur6ex 0.3
 DELUXEBB : DeluxeBB 1.06
 CMSMUNDO : CMS Mundo 1.0
 VBZOOM : VBZooM 1.02
 35MMSLIDEGALLERY : 35mmslidegallery 6
 PHPMESSENGER : PHP MESSENGER 1.0
 SHOUTBOX : Shoutbox 1.5
 LTWCALENDAR : Ltwcalendar 4.1
 LTWCALENDAR : Jobline 1.1
 WEBCMS : Web-CMS 1.0
 PHPASKIT : PHPAskIt 2.0
 PHPMYFACTURES : PhpMyFactures 1.0
 MCGUESTBOOK : mcGuestbook 1.3
 CHIPMAILER : Chipmailer 1.09
 GSHOUT : G Shout 1.3
 SHOUTPRO : Shoutpro 1.0
 SIMPLESHOUT : Simpleshout 1.6
 WBB : wbb 2.2
 PHPBLUEDRAGON : Php Blue Dragon CMS 2.9
 ISPCONFIG : ISPConfig 2.2
 ANDYSCHAT : Andys Chat 4.5
CVE:CVE-2006-7015 (** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests.)
 CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.)
Original text: SpC-x, Andys Chat 4.5 (action) Remote File Inclusion (15.06.2006)
 RedTeam Pentesting, [Full-disclosure] Advisory: Authentication bypass in phpBannerExchange (15.06.2006)
 RedTeam Pentesting, [Full-disclosure] Advisory: Unauthorized password recovery in phpBannerExchange (15.06.2006)
 SECUNIA, Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities (15.06.2006)
 SECUNIA, Secunia Research: CMS Mundo SQL Injection and File Upload Vulnerabilities (15.06.2006)
 Federico Fazzi, [FSA016] ISPConfig 2.2.3, File inclusion vulnerability (15.06.2006)
 Federico Fazzi, PhpBlueDragon CMS 2.9.1, File inclusion vulnerability (15.06.2006)
 SpC-x, Fusion Polls (xtrphome) Remote File Inclusion (15.06.2006)
 SpC-x, Flipper Poll (root_path) Remote File Inclusion (15.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, wbb<<--v 2.1.6 "profile.php" SQL injection (15.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, wbb<<--v 2.2.1 "studienplatztausch.php" SQL injection (15.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, wbb<<--v 2.2.2 "thread.php" SQL injection (15.06.2006)
 SpC-x, bbrss PhpBB (phpbb_root_path) Remote File Inclusion (15.06.2006)
 alp_eren_(at)_ayyildiz.org, Freeze Greetings Cards PWD.txt (15.06.2006)
 SpC-x, Simpleshout 1.6.0 Version - Remote File Include Vulnerability (15.06.2006)
 SpC-x, Shoutpro 1.0 Version - Remote File Include Vulnerability (15.06.2006)
 SpC-x, G Shout 1.3.1 Version - Remote File Include Vulnerability (15.06.2006)
 Aesthetico, [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities (15.06.2006)
 tamriel_(at)_gmx.net, Chipmailer <= 1.09 Multiple Vulnerabilities (15.06.2006)
 gamr-14_(at)_hotmail.com, file include exploits in mcGuestbook 1.3 (15.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<-- V1.11 "show.php" SQL injection (15.06.2006)
 gmdarkfig_(at)_gmail.com, PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others (15.06.2006)
 bug_(at)_securitynews.ir, TikiWiki Sql injection & XSS Vulnerabilities (15.06.2006)
 erne_(at)_ernealizm.com, # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. (15.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, Web-CMS <<--1.0 "print.php" SQL injection (15.06.2006)
 SpC-x, S H O U T B O X (v1.5) Version - Remote File Include Vulnerability (15.06.2006)
 SpC-x, Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities (15.06.2006)
 SpC-x, Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities (15.06.2006)
 SpC-x, Jobline 1 1 1 Version - Remote File Include Vulnerability (15.06.2006)
 SpC-x, PHP MESSENGER 1.0 Version - Remote File Include Vulnerability (15.06.2006)
 black-cod3_(at)_hotmail.com, multiple Xss exploits in 35mmslidegallery V6 (15.06.2006)
 SpC-x, Simpnews <= All version - Remote File Include Vulnerabilities (15.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<--V1.01 "language.php" SQL injection (15.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<--V1.11 "subject.php" SQL injection (15.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<--V1.02 "meaning.php" SQL injection (15.06.2006)
Files: Exploits blur6ex <= 0.3.462 'ID' blind SQL injection / admin credentials disclosure

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod