Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:		2 ноября 2006 г.
Источник:		BUGTRAQ
SecurityVulns ID:		6768
Тип:		удаленная
Опасность:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты:		HOSTINGCONTROLLE : Hosting Controller 6.1
		INVISION : Invision Power Board 2.1
		TIKIWIKI : tikiwiki 1.9
		WORDPRESS : WordPress 2.0
		PHPMYADMIN : phpmyadmin 2.9
		BEN3W : 2BGal 3.0
		INNOVATEBOARD : Innovate Portal 2.0
		PWSPHP : PwsPHP 1.1
		TGSCMS : T.G.S. CMS 0.1
		LITHIUMCMS : Lithium CMS 4.04

Оригинальный текст		SECUNIA, [SA22607] Hosting Controller Multiple Vulnerabilities (02.11.2006)
		MILW0RM, PwsPHP <= 1.1 (themes/fin.php) Remote File Include Vulnerablity (02.11.2006)
		LegendaryZion, [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint" (02.11.2006)
		LegendaryZion, [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in "ViewImage.asp" by Daronet Internet Solutions (02.11.2006)
		LegendaryZion, [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" (02.11.2006)
		Rapigator, [Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability (02.11.2006)
		Juha-Matti Laurio, [Full-disclosure] WordPress release 2.0.5 includes about 50 bugfixes (02.11.2006)
		Stefan Esser, [Full-disclosure] Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability (02.11.2006)
		securfrog_(at)_gmail.com, tikiwiki 1.9.5 mysql password disclosure & xss (02.11.2006)

Файлы:		2BGal 3.0 Remote Command Execution Exploit
		Exploits Debug Mode password change vulnerability Affects Invision Power Borard 2.0.0 to 2.1.7
		Innovate Portal <= 2.0 Remote Code Execution Exploit
		T.G.S. CMS <= 0.1.7 Remote SQL Injection Exploit
		Lithium CMS <= 4.04c Remote Code Execution Exploit
Обсудить:		Прочитать или оставить комментарии к новости (0 комментариев)