 |
|
|
|
| Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl ) | | Опубликовано: |  | 4 января 2007 г. | | Источник: |  | | | SecurityVulns ID: |  | 6995 | | Тип: |  | удаленная | | Опасность: |  | 5/10 | | Описание: |  | Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д. |
| Затронутые продукты: |  | OPENPINBOARD : OpenPinboard 2.0 | | CVE: |  | CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.) | | | | CVE-2007-0090 (WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.) | | | | CVE-2007-0089 (jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.) | | | | CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.) | | | | CVE-2007-0050 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete.) |
|
|
|
|
|
|
|
|
