Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:		28 сентября 2006 г.
Источник:
SecurityVulns ID:		6655
Тип:		удаленная
Опасность:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты:		OPTIAL : Opial Audio/Video Download Management 1.0
		COMDEV : Comdev Events Calendar 3.1
		COMDEV : Comdev Newsletter 3.1
		COMDEV : Comdev FAQ Support 3.1
		COMDEV : Comdev Guestbook 3.1
		COMDEV : Comdev eCommerce 3.1
		COMDEV : Comdev CSV Importer 3.1
		COMDEV : Comdev Web Blogger 3.1
		COMDEV : Comdev Customer Helpdesk 3.1
		COMDEV : Comdev Vote Caster 3.1
		COMDEV : Comdev Contact Form 3.1
		COMDEV : Comdev News Publisher 3.1
		COMDEV : Comdev Photo Gallery 3.1
		COMDEV : Comdev Links Directory 3.1
		VIRTUEMART : VirtueMart Joomla eCommerce Edition 1.0
		ABLOG : A-Blog 2.0
		NEWSWRITER : Newswriter SW 1.42
		KIETU : Kietu 4.0
		EYEOS : eyeOS 0.9
		PABUGS : psBugs 2.0
CVE:		CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.)
		CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)

Оригинальный текст		SECUNIA, [SA22122] PhotoStore Cross-Site Scripting Vulnerabilities (28.09.2006)
		SECUNIA, [SA22092] Opial Audio/Video Download Management Cross-Site Scripting (28.09.2006)
		SECUNIA, [SA22117] eyeOS Cross-Site Scripting Vulnerabilities (28.09.2006)
		D_7J, Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit (28.09.2006)
		co-type_(at)_hotmail.com, Newswriter SW <= 1.42 (NWCONF_SYSTEM[server_path]) Remote File Inclusion Vulnerability (28.09.2006)
		v1per-haCker, A-Blog v2.0 Remote File Include (28.09.2006)
		ifx_(at)_cupu.us, bug com_madeira (28.09.2006)
		Base64, VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities (28.09.2006)
		stormhacker_(at)_hotmail.com, net2ftp: a web based FTP client :) <= Remote File Inclusion (28.09.2006)
		vannovax_(at)_gmail.com, MkPortal Cross Site Scripting (All versions) xSS (28.09.2006)
		stormhacker_(at)_hotmail.com, PHPSelect Web Development Division <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Newsletter 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev FAQ Support 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Guestbook 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev eCommerce 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev CSV Importer 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Web Blogger 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Vote Caster 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Contact Form 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev News Publisher 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Photo Gallery 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Links Directory 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Events Calendar 3.1 :) <= Remote File Inclusion (28.09.2006)

Файлы:		Newswriter SW v1.4.2 Remote File Include Exploit
		paBugs <= 2.0 Beta 3 Remote File Include Exploit
		Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit
Обсудить:		Прочитать или оставить комментарии к новости (0 комментариев)