Information Security


Daily digest of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 25 January 2007
Source:
SecurityVulns ID: 7108
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: SITEMAN : Siteman 1.1
 EZDATABASE : ezDatabase 2.1
 CALACODE : @Mail 4.51
 UNIFORUM : uniForum 4
 ASPEDGE : ASP EDGE 1.2
 COMMUNITYSERVER : Community Server 2.1
 WORDPRESS : WordPress 2.1
 XERO : Xero Portal 1.2
 MAKEIT : makit news/blog poster 3
 AZTEK : Aztek Forum 4.1
 SITEMAN : Siteman 2.0
 GUOX : GPS 1.2
 SHOPPINGBASKET : Shopping Basket Professional 7.50
 DRUPAL : Drupal Project Module 4.7
 DRUPAL : Drupal Project issue tracking Module 4.7
 CGERESCUE : CGI Rescue WebFORM 4.3
CVE:CVE-2007-0861 (** DISPUTED ** PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached.)
 CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.)
 CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays.)
 CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.)
 CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays.)
 CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php.)
 CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.)
 CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.)
 CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).)
 CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.)
 CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.)
 CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.)
 CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors.)
 CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0541 (WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.)
 CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.)
 CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.)
 CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.)
 CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking.")
 CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.)
 CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.)
 CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).)
Original text: Netragard Security Advisories, [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery] (25.01.2007)
 SECUNIA, [SA23913] CGI Rescue WebFORM Cross-Site Scripting and HTTP Header Injection (25.01.2007)
 SECUNIA, [SA23887] Drupal Project Issue Tracking Module Multiple Vulnerabilities (25.01.2007)
 SECUNIA, [SA23908] Drupal Project Module Script Insertion Vulnerability (25.01.2007)
 SECUNIA, [SA23909] Shopping Basket Professional Command Injection (25.01.2007)
 CorryL, [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability (25.01.2007)
 me you, phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability (25.01.2007)
 ajannhwt_(at)_hotmail.com, ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability (25.01.2007)
 Hackers Center Security Group, EzDatabase Multiple Cross-Site Scripting Vulnerability (25.01.2007)
 ajannhwt_(at)_hotmail.com, uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability (25.01.2007)
 bmatheny_(at)_mobocracy.net, Weaknesses in Pingback Design (25.01.2007)
 bmatheny_(at)_mobocracy.net, Multiple Remote Vulnerabilities in Wordpress (25.01.2007)
 bmatheny_(at)_mobocracy.net, DoS against Telligent Community Server (25.01.2007)
Files (exploits): Xero Portal v1.2 (phpbb_root_path) Local File Include Vulnerablity
 Aztek Forum 4.1 Multiple Vulnerabilities Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod