Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 22 November 2006
Source:
SecurityVulns ID: 6847
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: POSTNUKE : PostNuke 0.7
 CUREPHP : CuteNews 1.4
 ETOMITE : Etomite CMS 0.6
 PERLFORUMS : Pearl Forums 2.4
 MGAPPLANIX : mg.applanix 1.3
 MXBB : mxBB calsnails module 1.06
 CONTENTNOW : ContentNow CMS 1.39
 IXPRIMCMS : Ixprim CMS 1.2
 TELAEN : Telaen 1.1
 RAPIDCLASSIFIED : Rapid Classified 3.1
 PHPOLL : PHPOLL 0.96
 RIALTO : Rialto 1.6
 SHOPPINGCATALOG : Shopping_Catalog 0.9
 DISCHUNARY : dicshunary 0.1
 ENOMPHP : enomphp 4.0
 DODOSMAIL : DodosMail 2.0
 LOUDMOUTH : LoudMouth 2.4
 BIRDBLOG : BirdBlog 1.4
 WABBIT : Wabbit PHP Gallery 0.9
 MALBUM : mAlbum 0.3
 LTWCALENDAR : ltwCalendar 4.2
 SEDITIO : Seditio 1.10
 LDU : LDU 8.0
 PHOTOCART : PhotoCart 3.9
 EARK : e-Ark 1.0
 PHPPC : phpPC 1.04
Original text: iss4m, phpPC 1.04 Multiples Remote File Inclusion (22.11.2006)
 Dr Max Virus, Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities (22.11.2006)
 irvian, PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability (22.11.2006)
 sni-labs_(at)_sni-labs.com, Vulnerability in PostNuke (22.11.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: LDU <= 8.x Remote SQL Injection Vulnerability. (22.11.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability. (22.11.2006)
 laurent gaffié, JiRos Links Manager[injection sql & xss permanent] (22.11.2006)
 laurent gaffié, creadirectory [injection sql & xss] (22.11.2006)
 laurent gaffié, Link Exchange Lite [injection sql] (22.11.2006)
 laurent gaffié, aBitWhizzy [local file include] (22.11.2006)
 alireza hassani, [KAPDA]::Security analysis of cutenews 1.4.5 (22.11.2006)
 laurent gaffié, The Classified Ad System [multiple xss & injection sql] (22.11.2006)
 the_3dit0r_(at)_yahoo.com, ltwCalendar => 4.2.1 Remote File Include Vulnerabilities (22.11.2006)
 the_3dit0r_(at)_yahoo.com, my little weblog => Cross Site Scripting (22.11.2006)
 laurent gaffié, Classified System [injection sql] (22.11.2006)
 tux025_(at)_gmail.com, mAlbum v0.3 Multiple vulnerabilitizzz (22.11.2006)
 the_3dit0r_(at)_yahoo.com, Wabbit PHP Gallery => 0.9 Remote Traversal Directory (22.11.2006)
 the_3dit0r_(at)_yahoo.com, BirdBlog => v1.4.0 Cross Site Scripting (22.11.2006)
 the_3dit0r_(at)_yahoo.com, LoudMouth => 2.4 Remote File Include Vulnerabilities (22.11.2006)
 the_3dit0r_(at)_yahoo.com, Telaen => 1.1.0 Remote File Include Vulnerability (22.11.2006)
 laurent gaffié, klf-realty [injection sql] (22.11.2006)
 the_3dit0r_(at)_yahoo.com, enomphp => 4.0 Remote Traversal Directory (22.11.2006)
 Advisory_(at)_Aria-Security.net, gNews Publisher SQL Injection Vulnerabilites (22.11.2006)
 laurent gaffié, Rialto 1.6[admin login bypass & multiples injections sql] (22.11.2006)
 laurent gaffié, eClassifieds [injection sql] (22.11.2006)
 the_3dit0r_(at)_yahoo.com, PHPOLL => 0.96 Cross Site Scripting (22.11.2006)
 laurent gaffié, ehomes [multiples injections sql] (22.11.2006)
 ajannhwt_(at)_hotmail.com, ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability (22.11.2006)
 bluespy.ok_(at)_gmail.com, PhpBB Module Dimension Remote File Include (22.11.2006)
 vitux.manis_(at)_gmail.com, Ixprim CMS 1.2 Remote File Include Vulnerability (22.11.2006)
 revenge, ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities (22.11.2006)
 revenge, ContentNow CMS 1.39 'pageid' Sql Injection + Path Disclosure Vulnerabilities (22.11.2006)
 revenge, Etomite CMS 0.6.1.2 Vulnerabilities + ContenNow 1.39 Vulnerabilities + Exploits (22.11.2006)
Files: Exploits Etomite CMS Remote Command Execution
 Exploits Etomite CMS "id" SQL Injection
 Exploits ContentNow "pageid" Sql Injection
 Telaen => 1.1.0 Remote File Include Vulnerability Exploit
 Shopping_Catalog Remote File Include exploit
 dicshunary 0.1 alpha Remote File Inclusion Exploit
 DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit
 mg.applanix <= 1.3.1 Remote File Include Exploit
 mxBB calsnails module 1.06 Remote File Inclusion Exploit
 MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit
 e-Ark project Remote File Inclusion Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod