Information Security


Daily digest of vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 9 January 2007
Source:
SecurityVulns ID: 7020
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: GFORGE : gforge 4.5
 MKPORTAL : MKPortal 1.1
 ALEXGUESTBOOK : @lex Guestbook 4.0
 GEOIP : geoip 1.4
 AJLOGIN : AJLogin 3.5
 EMEMBERSPRO : EMembersPro 1.0
 HARIKAONLINE : HarikaOnline 2.0
 UGUESTBOOK : Uguestbook 1.0
 NUNE : nune 2.0
CVE:CVE-2007-0205 (Multiple directory traversal vulnerabilities in @lex Guestbook 4.0.2 and earlier allow remote attackers to (1) include and execute arbitrary local files via a relative pathname in the lang parameter to index.php, which is handled in livre_include.php, and (2) possibly access arbitrary directories via the aj_skin and skin_edit parameters to admin/skins.php.)
 CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.)
 CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.)
 CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.)
 CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.)
 CVE-2007-0189 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value.)
 CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.)
 CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.)
 CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.)
 CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.)
 CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.)
 CVE-2007-0156 (M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.)
 CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.)
 CVE-2007-0154 (Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.)
 CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.)
 CVE-2007-0151 (MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.)
 CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.)
 CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.)
 CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.)
 CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter.)
Original text: IbnuSina, magic photo storage website Multiple Remote File Inclusion (09.01.2007)
 jose.palanco_(at)_eazel.es, GForge Cross Site Scripting vulnerability (09.01.2007)
 IbnuSina, ppc engine Multiple file inclusion (09.01.2007)
 IbnuSina, createauction (cats.asp) Remote SQL Injection Vulnerability (09.01.2007)
 k1tk4t_(at)_newhack.org, magic photo storage website Remote File Inclusion (09.01.2007)
 info_(at)_burnhead.it, MKPortal Full Path Disclosure (09.01.2007)
 ShaFuq31_(at)_HoTMaiL.CoM, GeoBB Georgian Bulletin Board Remote File Include Vuln. (09.01.2007)
 ShaFuq31_(at)_HoTMaiL.CoM, Dayfox Blog Remote File Include Vuln. (09.01.2007)
 XORON, NUNE News Script (custom_admin_path) Remote File Include Vulnerability (09.01.2007)
 beks, Uguestbook Remote Password Disclosure Vulnerability (09.01.2007)
 beks, Webulas Remote Password Disclosure Vulnerability (09.01.2007)
 beks, HarikaOnline v2.0 Remote Password Disclosure Vulnerability (09.01.2007)
 beks, M-Core Remote Password Disclosure Vulnerability (09.01.2007)
 beks, MitiSoft Remote Password Disclosure Vulnerability (09.01.2007)
 beks, EMembersPro 1.0 Remote Password Disclosure Vulnerability (09.01.2007)
 beks, AJLogin v3.5 Remote Password Disclosure Vulnerability (09.01.2007)
 MANDRIVA, [ MDKSA-2007:004 ] - Updated geoip packages fix geoipupdate vulnerability (09.01.2007)
Files: @lex Guestbook <= 4.0.2 Remote Command Execution Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod