Information Security

Daily summary of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 17 November 2006
Source:
SecurityVulns ID: 6838
Type: remote
Severity level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: ETOMITE : Etomite CMS 0.6
 DISCLOSER : Discloser 0.0
 STORYSTREAM : Storystream 4.0
 BLOO : Bloo 1.00
 HELM : Helm 3.20
 ODYSSEUSBLOG : OdysseusBlog 1.0
 DEVWMS : dev_wms 1.5
 SPHPBLOG : Sphpblog 0.8
 BLOGTORRENT : BlogTorrent-preview 0.92
 EGGBLOG : EggBlog 3.1
 MYBIC : My-BIC 0.6
 BLOGCMS : blogcms 4.0
 SWSOFT : Plesk 8.0
 COMDEV : Comdev One Admin Pro 4.1
 IGALLERY : i-Gallery 3.4
 PILOTCART : Pilot Cart 7.2
CVE: CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.)
Original text: Advisory_(at)_Aria-Security.net, Image gallery with Access Database SQL Injection (17.11.2006)
 Advisory_(at)_Aria-Security.net, ASPintranet SQL Injection (17.11.2006)
 Advisory_(at)_Aria-Security.net, Pilot Cart V.7.2 [ injection sql (post) ] (17.11.2006)
 Advisory_(at)_Aria-Security.net, i-Gallery 3.4 Cross Site Scripting (17.11.2006)
 AG- Spider, Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include (17.11.2006)
 laurent gaffié, Hot Links download backup authorized vulnerabilities (re-post with some edit) (17.11.2006)
 laurent gaffié, ASP Cart [multiples injection sql (post & get)] (17.11.2006)
 laurent gaffié, BaalAsp forum [login bypass ,injections sql(post), xss(post)] (17.11.2006)
 laurent gaffié, CandyPress Store[ multiples injection sql ] (17.11.2006)
 laurent gaffié, eShopping Cart [injection sql] (17.11.2006)
 revenge, Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ) (17.11.2006)
 riclem_(at)_yahoo.com, Chetcpasswd 2.x: multiple vulnerabilities (17.11.2006)
 Aesthetico, [MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues (17.11.2006)
 laurent gaffié, PhpMyAdmin all version [multiples vulnerability] (17.11.2006)
 the_3dit0r_(at)_yahoo.com, blogcms => 4.0.0 Remote File Include (17.11.2006)
 the_3dit0r_(at)_yahoo.com, eggblog=> 3.1.0 Cross Site Scripting (17.11.2006)
 the_3dit0r_(at)_yahoo.com, BlogTorrent-preview => 0.92 Cross Site Scripting (17.11.2006)
 the_3dit0r_(at)_yahoo.com, Sphpblog => 0.8 Cross Site Scripting (17.11.2006)
 the_3dit0r_(at)_yahoo.com, dev_wms => 1.5 Remote File Include Vulnerabilities (17.11.2006)
 the_3dit0r_(at)_yahoo.com, Bloo => 1.00 Remote File Include Vulnerability (17.11.2006)
 the_3dit0r_(at)_yahoo.com, OdysseusBlog => 1.0.0 Cross Site Scripting (17.11.2006)
 the_3dit0r_(at)_yahoo.com, discloser => 0.0.4 Remote File Include Vulnerabilities (17.11.2006)
 Advisory_(at)_Aria-Security.net, Helm Cross Site Scripting (17.11.2006)
Files: discloser => 0.0.4 Remote File Include Vulnerability Exploit
 Myphotos => Remote File Include Vulnerability
 worksystem => Remote File Include Vulnerability Exploit
 My-BIC => 0.6.5 Remote File Include Vulnerability
 RED Blog => Remote File Include Vulnerability Exploit
 RED Blog => Remote File Include Vulnerability Exploit
 Storystream => 4.0 Remote File Include Vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod