Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 24 July 2006
Source:
SecurityVulns ID: 6389
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: PHPBB : phpBB 2.0
 PROXY2 : Advanced Poll 2.02
 INVISION : Invision Power Board 2.1
 PHPPOST : PHP-Post 1.0
 VISNETIC : Visnetic Mail Server 8.3
 VBZOOM : VBZooM 1.11
 SQUERY : SQuery 4.5
 MYBB : MyBB 1.1
 DELUXEBB : DeluxeBB 1.07
 BLOGCMS : BLOG:CMS 4.0
 FSCRIPTS : Fantastic Guestbook 2.0
 ESKOLAR : Eskolar CMS 0.9
 PHORUM : Phorum 5.1
 MINIBB : MiniBB 1.5
 SOFTCOMPLEX : phpEventCalendar 1.4
 CALENDARMODULE : Calendar Module 1.5
 SWSOFT : Plesk control panel 8.0
 ICEWARP : IceWarp Web Mail 5.6
 LISTMESSENGER : ListMessenger 0.9
 KEYIF : Keyif Portal 2.0
 MAMBO : Calendar Mambo Module 1.5
 MAMBO : New Article Mambo Component 1.0
 PHPPOST : PHP-Post 0.21
 OWASP : WebScarab 20060621-0003
 MAMBO : ExtCalendar Mambo Module
 HDWEGUEST : hdweGUEST 2.1
 OSDATE : OSdate 1.1
 IMANAGE : iManage CMS 4.0
 PLANETC : planetGallery 22.05.2006
 SITEDEPTH : SiteDepth CMS 3.01
 PHPFABER : TopSites 2.0
 TOPXL : Top XL 1.1
 LOUDBLOG : LoudBlog 0.5
 CHAMELEON : Chameleon LE 1.203
 PHPBB : Advanced Guestbook for phpBB 2.4
 FIREMOUSE : Fire-Mouse TopList 1.1
 HIKIWIKI : Hiki 0.6
 BLACKBOARD : Blackboard Academic Suite 6.2
 VANILLA : Vanilla CMS 1.0
 PHPLIVE : PHP Live! 3.2
Original text: Saudi Hackrz, PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities (24.07.2006)
 mfoxhacker_(at)_gmail.com, [KurdishVanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.] (24.07.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla] (24.07.2006)
 Silitix, DotClear : Multiples Full Path Disclosure (24.07.2006)
 Aesthetico, [MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure (24.07.2006)
 harbl_(at)_hushmail.com, Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability (24.07.2006)
 mail_(at)_blue-spy.net, Com Multibanners Remote File Inclusion (mosConfig_absolute_path) (24.07.2006)
 mail_(at)_sipplah.com, SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path) (24.07.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla] (24.07.2006)
 AG Spider, MiniBB Forum <= 1.5a Remote File Include (news.php) (24.07.2006)
 DEBIAN, [SECURITY] [DSA 1119-1] New hiki packages fix denial of service (24.07.2006)
 Aesthetico, [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting (24.07.2006)
 Aesthetico, [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities (24.07.2006)
 omnipresent_(at)_email.it, MicroGuestBook Remote XSS Attack (24.07.2006)
 AG Spider, MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php) (24.07.2006)
 chris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion (24.07.2006)
 Chris Norton, Unidomedia Chameleon LE/Pro Directory Traversal (24.07.2006)
 Aesthetico, [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure (24.07.2006)
 Aesthetico, [MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability (24.07.2006)
 Aesthetico, [MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability (24.07.2006)
 RedTeam Pentesting, Advisory: Remote command execution in planetGallery (24.07.2006)
 matdhule_(at)_gmail.com, [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion (24.07.2006)
 sledge_(at)_paradise.net.nz, AFCommerce Shopping Cart (24.07.2006)
 binary.loc_(at)_gmail.com, osDate 1.1.7 multiple vulnerabilities (24.07.2006)
 tamriel_(at)_gmx.net, hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities (24.07.2006)
 Saudi Hackrz, ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities (24.07.2006)
 Moritz Naumann, WebScarab <= 20060621-0003 cross site scripting (24.07.2006)
 Jessica Hope, DeluxeBB mutiple vulnerabilities (24.07.2006)
 farhadkey_(at)_kapda.ir, [KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability (24.07.2006)
 tamriel_(at)_gmx.net, Professional PHP Tools Guestbook Multiple Vulnerabilities (24.07.2006)
 ssteam.pl_(at)_gmail.com, Cross Site Scripting Vulnerability in Zoho Virtual Office (24.07.2006)
 matdhule_(at)_gmail.com, New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities (24.07.2006)
 matdhule_(at)_gmail.com, Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities (24.07.2006)
 x0r0n_(at)_hotmail.com, ListMessenger v0.9.3 Remote File Inclusion Vulnerability (24.07.2006)
 x0r0n_(at)_hotmail.com, Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download (24.07.2006)
 SECUNIA, Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities (24.07.2006)
 SECUNIA, Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities (24.07.2006)
 vuln.invent_(at)_gmail.com, Plesk Control Panel <= 8.0.0 XSS vulnerability (24.07.2006)
 chris_hasibuan_(at)_yahoo.com, PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion (24.07.2006)
 matdhule_(at)_gmail.com, Calendar Module <= 1.5.7 Remote File Include Vulnerabilities (24.07.2006)
 rst_(at)_ghc.ru, Invision Power Board 2.1 <= 2.1.6 sql injection (24.07.2006)
 omnipresent_(at)_email.it, Fantastic Guestbook v2.0.1 Advisory (24.07.2006)
 Breeeeh_(at)_hotmail.com, VBZooM <=V1.11 "sub-join.php" SQL Injection (24.07.2006)
 Chironex Fleckeri, SubberZ[Lite] - Remote File Include (24.07.2006)
 Breeeeh_(at)_hotmail.com, VBZooM <=V1.11 " ignore-pm.php" SQL Injection (24.07.2006)
 matdhule_(at)_gmail.com, MiniBB Forum <= 1.5a Remote File Include Vulnerabilities (24.07.2006)
 Breeeeh_(at)_hotmail.com, VBZooM <=V1.11 " reply.php" SQL Injection (24.07.2006)
 Breeeeh_(at)_hotmail.com, VBZooM "sendmail.php" SQL Injection (24.07.2006)
 securityconnection_(at)_gmail.com, Phorum 5.1.14 XSS SQL injection Vulnerability (24.07.2006)
 Xavier, Rocks Clusters <=4.1 local root (24.07.2006)
 Breeeeh_(at)_hotmail.com, MyGallery "Room.php" SQL Injection (24.07.2006)
 renatrix_(at)_gmail.com, XSS phpBB 2.0.21 in administration (24.07.2006)
 Breeeeh_(at)_hotmail.com, saphp "add.php" forumid Parameter SQL Injection (24.07.2006)
Files: Eskolar CMS 0.9.0.0 Blind SQL Injection Exploit and bypass admin logon vulnerability
 SQuery <= 4.5(libpath) Remote File Inclusion Exploit
 MyBulletinBoard (MyBB) <= 1.1.5 'CLIENT-IP' SQL injection / create new admin exploit
 boastMachine <= 3.1 SQL Injection Exploit
 Invision Power Board v2.1 <= 2.1.6 sql injection exploit
 Exploits LoudBlog <= 0.5 'id' SQL injection / admin credentials disclosure

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod