Information Security


Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: 15 October 2006
Source:
SecurityVulns ID: 6721
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: SMARTY : Smarty 2.6
 ZENCART : Zen Cart 1.3
 JINZORA : Jinzora 2.6
 VIEWVC : ViewVC 1.0
 EUPLOADER : E-Uploader Pro 1.0
 CENTIPAID : CentiPaid 1.4
 INCCMS : IncCMS Core 1.0
 CAMPSITE : CampSite 2.6
 CYBERBRAU : CyberBrau 0.9
 PHPBB : phpBB Fully Modded Documentation 206-3
 PHPBURNINGPORTAL : phpBurningPortal 1.0
 AROUNDME : AROUNDMe 0.6
 NURALSTORM : NuralStorm Webmail 0.98
 BBSNEW : bbsNew 2.0
 IRONMAIL : IronWebMail 6.1
CVE: CVE-2006-7193 (** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant.)
Original text: Kw3rLn, NuralStorm Webmail <= 0.98b Remote File Include Vulnerability (15.10.2006)
 Kw3rLn, AROUNDMe <= 0.5.2 [templatePath] Remote File Include Vulnerability (15.10.2006)
 security_(at)_armorize.com, Re: Multiple XSS Vulnerabilities in Zen Cart 1.3.5 (15.10.2006)
 Kw3rLn, CyberBrau <= 0.9.4 [path] Remote File Include Vulnerability (15.10.2006)
 Kw3rLn, CampSite - BugReporter <= 2.6.1 Remote File Include Vulnerability (15.10.2006)
 Kacper, IncCMS Core <= 1.0.0 (settings.php) Remote File Include Vulnerability (15.10.2006)
 Kw3rLn, CentiPaid <= 1.4.2 [absolute_path] Remote File Include Vulnerability (15.10.2006)
 Kacper, E-Uploader Pro <= 1.0 Remote Code Execution Vulnerabilities (15.10.2006)
 Stefan Esser, [Full-disclosure] Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability (15.10.2006)
 erne_(at)_ernealizm.com, Jinzora 2.6 - Remote File Include Vulnerabilities (15.10.2006)
 stormhacker_(at)_hotmail.com, WDT:- osTicket File Include all V (15.10.2006)
 hitham hitham, [Full-disclosure] Vuln (15.10.2006)
Files: phpBurningPortal quiz-modul-1.0.1 - Remote File Include Exploit
 Exploits phpBBFM version 206-3-3 Remote File Include Vulnerability
 Exploits bbsNew => 2.0.1 Remote File Include Vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod