Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:9 ноября 2006 г.
Источник:
SecurityVulns ID:6802
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:PHPMYCHAT : phpMyChat 0.14
 KNOWLEDGEBUILDER : knowledgeBuilder 2.2
 FREEWEBSHOP : FreeWebshop 2.2
 PHPMYCHAT : PhpMyChat Plus 1.9
 SPEEDYWIKI : Speedywiki 2.0
 IMMEDIACY : Immediacy .NET CMS 5.2
 SAGE : Sage 1.3
 LETTERIT : LetterIt 2
CVE:CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.)
 CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6) lib/connected_users.lib.php, (7) lib/index.lib.php, and (8) phpMyChat.php3; and the (9) L parameter to logs.php. NOTE: CVE analysis suggests that vector 1 might be incorrect.)
Оригинальный текстdocumentv1per-haCker, gtcatalog <= 0.9.1 (index.php) Remote File Include Vulnerability (09.11.2006)
 documentv1per-haCker, LetterIt v2 (inc/session.php) Remote File Include Vulnerability (09.11.2006)
 documentDavid Kierznowski, [Full-disclosure] RSS Injection in Sage part 2 (09.11.2006)
 documentlaurent gaffié, FreeWebshop <=2.2.2 [local file include & xss] (09.11.2006)
 documentProCheckUp Research, Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie (09.11.2006)
 documentlaurent gaffié, Speedwiki 2.0 Arbitrary File Upload Vulnerability (09.11.2006)
 documentlaurent gaffié, Abarcar Realty Portal [injection sql] (09.11.2006)
 documentlaurent gaffié, Portix-PHP [login bypass & xss (post)] (09.11.2006)
 documentnavairum_(at)_gmail.com, Y.A.N.S sql injection (09.11.2006)
 documentajannhwt_(at)_hotmail.com, PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability (09.11.2006)
 documentajannhwt_(at)_hotmail.com, PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities (09.11.2006)
Файлы:phpsatk Remote File Include Exploit
 knowledgebuilder Remote File Include Exploit

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород