Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl) - ошибки и эксплоиты

[RU] switch to
English Version

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано: 20 сентября 2006 г.
Источник:
SecurityVulns ID: 6633
Тип: удаленная
Опасность: 5/10
Описание: Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты: AEDATING : aeDating 4.1
ECARDPRO : ECardPro 2.0
INNOVATEBOARD : Innovate Portal v.0
PTNEWS : PT News 1.7
SITEATSCHOOL : Site@School 2.4
neon : Neon WebMail for Java 5.07
BCWB : BCWB 0.99
DIGITALWEBSHOP : Digital WebShop 1.128
TEKMAN : Tekman Portal 1.0
SDB : Simple Discussion Board 0.1
MYREVIEW : MyReview 1.9
EXPONENT : Exponent CMS 0.96
MOREGROUPWARE : more.groupware 0.7
PNPHPBB : PNphpBB2 1.2
ALSTRASOFT : AlstraSoft Efriends 4.85
PHPPOST : PHP-Post 1.01
AMAZINGLP : Amazing Little Poll 1.3
CMTEXTS : CMtextS 1.0
QUALITEAM : Qualiteam X-Cart Pro 4.1

Оригинальный текст document SECUNIA, [SA22005] Qualiteam X-Cart cmpi.php Variable Overwriting Vulnerability (20.09.2006)

SECUNIA, [SA21911] BizDirectory "message" Cross-Site Scripting Vulnerability (20.09.2006)

SECUNIA, [SA22013] ECardPro "keyword" SQL Injection Vulnerability (20.09.2006)

SECUNIA, [SA21988] CMtextS admin.txt Password Disclosure (20.09.2006)

document SECUNIA, [SA21997] Amazing Little Poll "lp_settings.inc" Password Disclosure (20.09.2006)

SECUNIA, [SA22014] PHP-Post Multiple Vulnerabilities (20.09.2006)

MILW0RM, PNphpBB2 <= 1.2g (phpbb_root_path) Remote File Include Vulnerability (20.09.2006)

SnIpEr_SA, Pie Cart Pro => (Inc_Dir) Remote File Inclusion Exploit (20.09.2006)

document Saudi Hackrz, Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit (20.09.2006)

CeNGiZ-HaN, Simple Discussion Board Multiple F.le Inclusion Vulnerability (20.09.2006)

fixtr_(at)_bsdmail.com, Tekman Portal v1.0 (tr) SQL Injection Vulnerability (20.09.2006)

ajannhwt_(at)_hotmail.com, Digital WebShop = v1.128 Multiple Remote File Include Vulnerabilities (20.09.2006)

document ajannhwt_(at)_hotmail.com, Bcwb 0.99(root_path)Remote File Include Vulnerability (20.09.2006)

SECUNIA, [SA21956] Gnuturk Portal "t_id" Parameter SQL Injection Vulnerability (20.09.2006)

SECUNIA, [SA21955] aeDating "dir[inc]" File Inclusion Vulnerabilities (20.09.2006)

cdg393, [Full-disclosure] A.I-Pifou (Cookie) Local File Inclusion (20.09.2006)

document contact_(at)_secureshapes.com, [Full-disclosure] DotNetNuke HTML Code Injection (20.09.2006)

TAN Chew Keong, [Full-disclosure] [vuln.sg] Neon WebMail for Java Multiple Vulnerabilities (20.09.2006)

simo64_(at)_morx.org, Site@School 2.4.02 and below Multiple remote Command Execution Vulnerabilities (20.09.2006)

document meto5757_(at)_hotmail.com, NextAge Cart Cross-Site Scripting multiple Vulnerabilities (20.09.2006)

Snake.Apollyon_(at)_Yahoo.com, PT News 1.7.8 (Search.php) XSS Vulnerability (20.09.2006)

Saudi Hackrz, Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit (20.09.2006)

document meto5757_(at)_hotmail.com, Innovate Portal v2.0 Index.PHP Xss Vuln. (20.09.2006)

Файлы: Site\@school remote file upload Xploit
MyReview 1.9.4 SQL Injection exploit
Exponent CMS 0.96.3 stable (possibly other versions) "view" arbitrary local inclusion / remote commands xctn exploit
Exploits more.groupware 0.7.4 remote sql injection
AlstraSoft Efriends 4.85 Remote Command Execution Exploit
Обсудить: Прочитать или оставить комментарии к новости (0 комментариев)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород

test server