Information Security


Daily digest of errors in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 25 December 2006
Source:
SecurityVulns ID: 6969
Type: remote
Danger level:
5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: ENTHRALLWEB : Enthrallweb ePages 1.0
 ENTHRALLWEB : Enthrallweb eClassifieds 1.0
 ENTHRALLWEB : Enthrallweb eCoupons 1.0
 ENTHRALLWEB : Enthrallweb eNews 1.0
 ENTHRALLWEB : Dragon Business Directory 3.01
 MXMANIA : Calendar MX BASIC 1.0
 OKULMERKEZIPORTA : Okul Merkezi Portal 1.0
 PAGETOOL : Pagetool CMS 1.07
 B2 : B2 blog 0.5
 SHNEWS : SH-News 0.93
 OPENTAPS : opentaps 0.9
 ABLOG : a-blog 1.52
 HLSTATS : HLStats 1.34
 EFKAN : Efkan Forum 1.0
 JINZORA : Jinzora 2.7
 IROKEZ : Irokez CMS 0.7
 ENDONESIA : eNdonesia 8.4
 CIBERIA : ciberia 1.0
 SHADOWEDPORTAL : Shadowed Portal 5.7
 FILEUPLOADMAN : File Upload Manager 1.0
 MXMANIA : Newsletter MX 1.0
 ANANDA : Ananda Real Estate 3.4
 ENTHRALLWEB : Enthrallweb ePhotos 1.0
 ENTHRALLWEB : Enthrallweb eHomes 1.0
 ENTHRALLWEB : Enthrallweb eCars 1.0
 ENTHRALLWEB : Enthrallweb eMates 1.0
CVE:CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.)
 CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.)
Original text: SECUNIA, [SA23444] a-blog Cross-Site Scripting Vulnerability (25.12.2006)
 SECUNIA, [SA23457] opentaps "SEARCH_STRING" Cross-Site Scripting Vulnerability (25.12.2006)
 ShaFuq31_(at)_HoTMaiL.CoM, b2 - 0.5 * [index] Remote File Include Vulnerability (25.12.2006)
 ShaFuq31_(at)_HoTMaiL.CoM, Okul Merkezi Portal v1.0 Remote File IncLude Vuln. (25.12.2006)
 ajannhwt_(at)_hotmail.com, Title : Calendar MX BASIC <= 1.0.2 (ID) Remote SQL Injection Vulnerability (25.12.2006)
 ajannhwt_(at)_hotmail.com, Title : Dragon Business Directory <= V3.01.12 (ID) Remote SQL Injection Vulnerability (25.12.2006)
 ajannhwt_(at)_hotmail.com, Enthrallweb eCars 1.0 (types.asp) Remote SQL Injection Vulnerability (25.12.2006)
 ajannhwt_(at)_hotmail.com, Title : Enthrallweb eHomes 1.0 Multiple (SQL/XSS) Vulnerabilities (25.12.2006)
 ajannhwt_(at)_hotmail.com, Enthrallweb ePhotos 1.0 (subLevel2.asp) Remote SQL Injection Vulnerability (25.12.2006)
 ajannhwt_(at)_hotmail.com, Ananda Real Estate <= 3.4 (agent) Remote SQL Injection Vulnerability (25.12.2006)
 cw.cybersecurity_(at)_gmail.com, myPHPNuke Gallery Module (basepath) Remote File Include (25.12.2006)
 cw.cybersecurity_(at)_gmail.com, Shadowed Portal 5.7. Roster Module (mod_root) Remote File Include (25.12.2006)
 z1ckX(ru), bugs for Endonesia8.4 (25.12.2006)
 nuffsaid, Irokez CMS <= 0.7.1 Multiple Remote File Include Vulnerabilities (25.12.2006)
 nuffsaid, Jinzora <= 2.7 (include_path) Multiple Remote File Include Vulnerabilities (25.12.2006)
 CorryL, [Full-disclosure] TimberWolf 1.2.2 vulnerable to XSS (25.12.2006)
 xx_hack_xx_2004_(at)_hotmail.com, Multiple Bugs in Future Internet ( XSS & SQL Injection ) (25.12.2006)
 ShaFuq31_(at)_HoTMaiL.CoM, Efkan Forum v1.0 SqL Inj. Vuln. (25.12.2006)
Files: Newsletter MX <= 1.0.2 (ID) Remote SQL Injection Exploit
 File Upload Manager <= 1.0.6 (detail.asp) Remote SQL Injection Exploit
 Enthrallweb eNews 1.0 Remote User Pass Change Exploit
 Enthrallweb eCoupons 1.0(myprofile.asp) Remote Pass Change Exploit
 Enthrallweb eClassifieds 1.0 Remote User Pass Change Exploit
 Enthrallweb ePages (actualpic.asp) Remote SQL Injection Exploit
 Enthrallweb emates 1.0 (newsdetail.asp) Remote SQL Injection Exploit
 Enthrallweb eJobs (newsdetail.asp) Remote SQL Injection Exploit
 Exploits Pagetool CMS <=1.07 (RFI)
 SH-News 0.93 (misc.php) Remote File Include Exploit
 Exploits HLStats HLStats <=1.34 and Hlstats >= 1.20 SQL Inection + Path Disclosure
 MTCMS <= 2.0 (admin/admin_settings.php) Remote File Include Exploit
 ciberia 1.0<(Ciberia Content Federator)>(maquetacion_socio.php) Remote File Inclusion Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod