Information Security


Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: January 7, 2007
Source:
SecurityVulns ID: 7013
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: YALD : Yet Another Link Directory 1.0
 FIXNCHIPSIT : Fix & Chips CMS 1.0
CVE: CVE-2007-0152 (OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.)
 CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.)
 CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.)
 CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.)
Original text: IbnuSina, shopstorenow (orange.asp) sql injection (07.01.2007)
 luny_(at)_youfucktard.com, Fix & Chips CMS v1.0 (07.01.2007)
 luny_(at)_youfucktard.com, Yet Another Link Directory v1.0 (07.01.2007)
 Advisory_(at)_Aria-Security.net, ohhASP Remote Password Disclosure (07.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod