Information Security


Daily summary of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
updated since September 5, 2006
Published: September 6, 2006
Source:
SecurityVulns ID: 6577
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: SOFTBB : SoftBB 0.1
 NCHSOFTWARE : Web Dictate 1.02
 GAPAGENDA : GrapAgenda 0.1
 PHPPROXIMA : PHP Proxima 6
 MYSPEACH : MySpeach 3.0
 SPONGENEWS : Sponge News 2.2
 CNEWS : C-News 1.0
 ACGV : ACGV News 0.9
 PHPCOMMANDER : PhpCommander 3.0
 DRUPAL : Pathauto 4.7
 BINGOPHP : BinGo News 3.01
 PHPBB : PhpBB Shadow Prémod 2.7
 AKARRU : Akarru 0.4
CVE: CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.)
 CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.)
 CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information.)
 CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter.)
Original documents: erne_(at)_ernealizm.com, Akarru v0.4.3.34 - Remote File Include Vulnerabilities (06.09.2006)
 Kw3rLn, Shadow Prémod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability (06.09.2006)
 SHiKaA-_(at)_hotmail.com, BinGo News <= v3.01 (bnrep) Remote File Inclusion Exploit (06.09.2006)
 SECUNIA, [SA21779] Drupal Pathauto Module Cross-Site Scripting Vulnerability (06.09.2006)
 SHiKaA-_(at)_hotmail.com, ACGV News <= v0.9.1 (PathNews) Remote File Inclusion Exploit (06.09.2006)
 SHiKaA-_(at)_hotmail.com, C-News <= v1.0.1 (path) Remote File Inclusion Exploit (06.09.2006)
 SHiKaA-_(at)_hotmail.com, Sponge News <= v2.2 (sndir) Remote File Inclusion Exploit (06.09.2006)
 SHiKaA-_(at)_hotmail.com, MySpeach <= v3.0.2 (my_ms[root]) Remote File Inclusion Exploit (05.09.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 25 ] GrapAgenda Remote Command Vulnerability (05.09.2006)
 the.leo.008_(at)_gmail.com, SoftBB v0.1 < = Cross-Site Scripting (05.09.2006)
 revnic_(at)_gmail.com, Web Dictate Admin Null Password Vulnerability (05.09.2006)
Files: SoftBB 0.1 Remote PHP Code Execution Exploit
 PHP Proxima <= v.6 Remote Code Execution Exploit
 pHNews <= alpha 1 (templates_dir) Remote Code Execution Exploit
 PhpCommander <= 3.0 Remote Code Execution Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod