Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: January 4, 2007
Source:
SecurityVulns ID: 6995
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: OPENPINBOARD : OpenPinboard 2.0
CVE: CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0090 (WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.)
 CVE-2007-0089 (jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.)
 CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.)
 CVE-2007-0050 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete.)
Original text: dr.t3rr0r1st_(at)_yahoo.com, jgbbs (04.01.2007)
 zooz_998_(at)_hotmail.com, OpenPinboard <= Remote File Include (04.01.2007)
 Advisory_(at)_Aria-Security.net, WineGlass "data.mdb" Remote Password Disclosure (04.01.2007)
 exe_crack_(at)_hotmail.com, openmedia local read file (04.01.2007)
Files: Simple Web Content Management System SQL Injection Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod