Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:		23 октября 2006 г.
Источник:		MILW0RM
SecurityVulns ID:		6742
Тип:		удаленная
Опасность:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты:		PHPNUKE : PHP-Nuke 7.9
		YAPBB : YapBB 1.2
		PHPPOST : PHP-Post 1.01
		MAMBO : MamboWeather Mambo module 1.8
		MAMBO : com_videodb Mambo Componenet 0.3
		MAMBO : com_videodb Mambo Componenet 4.0
		NETDNS : Net_DNS 0.03
		SPEEDBERG : speedberg 1.2
		TAWLER : trawler 1.8
		WSNFORUM : WSN Forum 1.3
		PHPEXPLORER : PH Pexplorer 0.24
		JAXULTRABB : JaxUltraBB 2.0
		EZTICKET : EZ-Ticket 0.0
		EPNADMIN : EPNadmin 0.7
		CASTOR : CASTOR 1.1
		KAWF : kawf 1.0
		LOCI : Local Calendar System 1.1
		PHPAMX : phpamx 0.90
		LOUPORTAIL : Lou Portail 1.4
		WGCC : Web Group Communication Center 0.5
		ABB : Active Bulletin Board 1.1
		SEUECMS : Segue CMS 1.5
		PHPPOWERCARDS : phpPowerCards 2.10
		POWERPHLOGGER : Power Phlogger 2.0

Оригинальный текст		x_w0x, Power Phlogger 2.0.9 Remote|Local File Include Vulnerability (23.10.2006)
		nuffsaid, phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability (23.10.2006)
		nuffsaid, Segue CMS <= 1.5.8 (themesdir) Remote File Include Vulnerability (23.10.2006)
		ajannhwt_(at)_hotmail.com, Active Bulletin Board v1.1 beta2 (doprofiledit.asp) Remote User Pass Change (23.10.2006)
		ajannhwt_(at)_hotmail.com, WGCC Beta <= 0.5.6 (quiz.php) Remote SQL InJection Vulnerability (23.10.2006)
		mp01010_(at)_yahoo.com, Lou Portail 1.4.1 Remote|Local File Include Vulnerability (23.10.2006)
		o0xxdark0o_(at)_msn.com, local Calendar System v1.1 (lcUser.php) Remote File Include (23.10.2006)
		o0xxdark0o_(at)_msn.com, kawf (config) Remote File Include (23.10.2006)
		Kw3rLn, EPNadmin remote Command Execution Vulnerabilities (23.10.2006)
		Kw3rLn, CASTOR <= 1.1.1 Remote Command Execution Vulnerability (23.10.2006)
		Kw3rLn, RSSonate remote Command Execution Vulnerabilities (23.10.2006)
		Kw3rLn, RSSonate remote Command Execution Vulnerabilities (23.10.2006)
		the master, EZ-Ticket v0.0.1 Remote File Inclusion Vulnerability (23.10.2006)
		paisterist.nst_(at)_gmail.com, PHP-Nuke <= 7.9 (Encyclopedia) Remote SQL Injection Exploit (23.10.2006)
		Kacper, WSN Forum <= 1.3.4 (pathtoconfig) Remote File Include Exploit / Code Execution Vulnerability (23.10.2006)
		Kacper, YapBB <= 1.2 Beta2 (yapbb_session.php) Remote File Include Exploit (23.10.2006)
		Kacper, PHP-Post <= 1.01 (template) Remote Code Execution Exploit (23.10.2006)
		Kacper, PH Pexplorer <= 0.24 (Cookie/language.php) Remote Code Execution Exploit (23.10.2006)
		Kacper, JaxUltraBB <= 2.0 (delete.php) Defaced Exploit (23.10.2006)
		k1tk4t, trawler <= 1.8.1 Remote File Inclusion (23.10.2006)
		k1tk4t, speedberg <= 1.2beta1 Remote File Inclusion (23.10.2006)
		Drago84, Net_DNS: Remote File Inclusion by ToXiC CreW (23.10.2006)
		h4ntu, Mambo component remote inclusion vulneribility (23.10.2006)
		h4ntu, com_videodb Mambo Componenet <= 0.3en Remote Include Vulnerability (23.10.2006)
		h4ntu, Another Mambo module remote inclusion vulneribility (23.10.2006)
		x0r0n_(at)_hotmail.com, PHP Generator of Object SQL Database (path) Remote File Include Vulnerability (23.10.2006)

Обсудить:

Прочитать или оставить комментарии к новости (0 комментариев)