Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: June 25, 2006
Source:
SecurityVulns ID: 6295
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: WAGORA : W-Agora 4.2
 COPPERMINE : Coppermine Photo Gallery 1.4
 WBB : WBB 2.3
 MYBB : MyBB 1.1
 DREAMACCOUNT : DREAMACCOUNT 3.1
 QATRAQ : QaTraq 6.5
 AEDATING : aeDating 4.1
 DATETOPIA : Dating Agent PRO 4.7
 NETSOFT : SmartNet 2.0
 ECBD : Custom dating biz@ dating script 1.0
 WBB : WBB 1.2
 PHPBLUEDRAGON : PHPBlueDragon 2.9
 NAMO : Namo DeepSearch 4.5
 SOFTBIZSCRIPTS : Softbiz Dating 1.0
CVE: CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076.)
Original text: KARKOR23_(at)_hotmail.com, DREAMACCOUNT V3.1 Remote Command Execution Exploit (25.06.2006)
 securityconnection_(at)_gmail.com, Softbiz Dating 1.0 SQL injection (25.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, WBB<<---v2.0 RC2 "newthread.php" SQL Injection (25.06.2006)
 mac68k_(at)_gmail.com, [Kil13r-SA-20060622-2] Namo DeepSearch 4.5 Cross-Site Scripting Vulnerability (25.06.2006)
 rozowa.landrynka_(at)_spam.nation.pl, phpBlueDragon CMS 2.9.1 multiple remote file inclusion vuln (25.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, WBB<<---v2.3.1"report.php" SQL Injection (25.06.2006)
 dedi dwianto, [ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion (25.06.2006)
 Silitix, Calendar ( Provided by Codewalkers ) - SQL Injection (25.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, WBB<<---v1.2 "showmods.php" SQL Injection (25.06.2006)
 imei, [KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access (25.06.2006)
 luny_(at)_youfucktard.com, Dating biz@ dating script v1.0 - XSS (25.06.2006)
 soltan_defacer_(at)_yahoo.com, productcart soltan_defacer (25.06.2006)
 mac68k_(at)_gmail.com, [Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability (25.06.2006)
 securityconnection_(at)_gmail.com, Dating Agent PRO 4.7.1 Vulnerability (25.06.2006)
 securityconnection_(at)_gmail.com, aeDating 4.1 XSS (25.06.2006)
 imei, [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables (25.06.2006)
 enji_(at)_seclab.tuwien.ac.at, QaTraq 6.5 RC: Multiple XSS Vulnerabilities (25.06.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod