Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:		2 декабря 2006 г.
Источник:		BUGTRAQ
SecurityVulns ID:		6883
Тип:		удаленная
Опасность:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты:		PHPGRAPHY : phpGraphy 0.9
		CPANEL : cPanel 11
		FREEQBOARD : freeqboard 1.1
CVE:		CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy.)

Оригинальный текст		Advisory_(at)_Aria-Security.net, [Aria-Security Team] DuWare DuClassMate SQL Injection Vuln (02.12.2006)
		Advisory_(at)_Aria-Security.net, [Aria-Security Team] DuWare DuNews SQL Injection Vuln (02.12.2006)
		ajannhwt_(at)_hotmail.com, Ultimate HelpDesk All Version (Source/XSS) Vulnerabilities (02.12.2006)
		-= SHELL =- -= SHELL =-, freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability (02.12.2006)
		ShaFuq31_(at)_HoTMaiL.CoM, Aspee Ziyareti Defteri (tr) Sql injection Vuln. (02.12.2006)
		Advisory_(at)_Aria-Security.net, [Aria-Security.Net] Web Hosting Control Panel - cPanel 11 Multiple Cross-Site Scripting Vulnerabilites (02.12.2006)

Файлы:		WikyBlog Local File Inclusion Exploit
		PHPGraphy 0.9.12 Zend_Hash_Del_Key_Or_Index privilege escalation
Обсудить:		Прочитать или оставить комментарии к новости (0 комментариев)