Information Security


Daily digest of vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 1 February 2007
Source:
SecurityVulns ID: 7135
Type: remote
Danger level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: SIPS : SIPS 0.3
 EXOSCRIPTS : ExoPHPDesk 1.2
 ZENPHOTO : zenphoto 1.0
 OPENEMR : OpenEMR 2.8
 EXTCAL : ExtCalendar 2.0
 CADRE : Cadre 20020724
 L2JPROPCALC : L2J Dropcalc 4
 PHPMYRING : PhpMyRing 4.1
 EXTCALENDAR : Extcalendar 2
 PHPBBTWEAKED : Phpbb Tweaked 3
 HAILBOARDS : Hailboards 1.2
 OMEGABOARD : Omegaboard 1.2
 CERULEAN : Cerulean Portal System 0.7
 PHPEVENTMAN : phpEventMan 1.0
 SUN : Java System Access Manager 6.1
 SUN : Java System Access Manager 6.2
 SUN : Java System Access Manager 7.0
CVE:CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.)
 CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.)
 CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.)
 CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.)
 CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.)
 CVE-2007-0677 (PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.)
 CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0662 (PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.)
 CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.)
Original text: ajannhwt_(at)_hotmail.com, phpEventMan v1.0.2 (level) Remote File Include Exploit (01.02.2007)
 ajannhwt_(at)_hotmail.com, SIPS <= 0.3.1 (box.inc.php) Remote File Include Vulnerability (01.02.2007)
 x0r0n_(at)_hotmail.com, Cerulean Portal System (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 x0r0n_(at)_hotmail.com, Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 x0r0n_(at)_hotmail.com, Hailboards v1.2.0 (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 x0r0n_(at)_hotmail.com, Phpbb Tweaked (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 ajannhwt_(at)_hotmail.com, PhpMyRing <= 4.1.3b (path) Remote File Include Vulnerability (01.02.2007)
 ajannhwt_(at)_hotmail.com, ExoPHPDesk <= 1.2.1 (faq.php) Remote SQL Injection Vulnerability (01.02.2007)
 admin_(at)_hacklive.org, Hunkaray Duyuru Scripti (tr) == SQL Injection Vulnerability (01.02.2007)
 admin_(at)_hacklive.org, Fullaspsite Asp Hosting (tr) == SQL Injection Vulnerability (01.02.2007)
 Codebreak, Michelle's L2J Dropcalc (01.02.2007)
 y3dips_(at)_gmail.com, [ECHO_ADV_63$2007] Cadre remote file inclusion (01.02.2007)
 KabusTR.coM, Speedy Asp Discussion Forum (forum.mdb) Remote Password Disclosure Vulnerability (01.02.2007)
Files: Extcalendar <= 2 (profile.php) Remote User Pass Change Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod