Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:12 января 2007 г.
Источник:
SecurityVulns ID:7046
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:PHPMYADMIN : phpmyadmin 2.7
 PHPMYADMIN : phpmyadmin 2.8
 OPENSOLUTIONS : Quick.Cart 2.0
 NWOM : Nwom topsites 3.0
 EZBOXX : Ezboxx Portal System 0.7
 DWR : Direct Web Rendering 1.1
 MOVABLETYPE : Movable Type 3.34
 AIOCP : All In One Control Panel 1.3
 FASTILO : Fastilo 2.0
 SNEWS : sNews 1.5
 LUNARPOLL : LunarPoll 1.0
 TLMCMS : TLM CMS 1.1
 ARTICLESYSTEM : Article System 0.1
 VPASP : VP-ASP Shopping Cart 6.09
CVE:CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.)
 CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.)
 CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.)
 CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers execute arbitrary PHP code via a URL in the PollDir parameter.)
 CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.)
 CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp.)
 CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.)
 CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via a invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.)
 CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.)
 CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.)
 CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.)
 CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.)
 CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.)
 CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.)
 CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information,)
 CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.)
 CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.)
 CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.)
 CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.)
 CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.)
Оригинальный текстdocumentajannhwt_(at)_hotmail.com, Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities (12.01.2007)
 documentDr Max Virus, Article System 0.1 (INCLUDE_DIR) Remote File Include Vulnerabilities (12.01.2007)
 documentGolD_M, TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability (12.01.2007)
 documentilkerKandemir_(at)_mynet.com, LunarPoll 1.0 (show.php PollDir) Remote File Include Vulnerability (12.01.2007)
 documentSECUNIA, [SA23738] Quick.Cart "p" Cross-Site Scripting Vulnerability (12.01.2007)
 documentSECUNIA, [SA23733] Fastilo "p" Cross-Site Scripting Vulnerability (12.01.2007)
 documentSECUNIA, [SA23726] All In One Control Panel "download_category" SQL Injection (12.01.2007)
 documentSECUNIA, [SA23662] Cuyahoga FCKEditor Security Bypass Issue (12.01.2007)
 documentSECUNIA, [SA23669] Movable Type "nofollow" Plugin Comment Script Insertion (12.01.2007)
 documentSECUNIA, [SA23656] b2evolution "redirect_to" HTML Attribute Cross-Site Scripting (12.01.2007)
 documentalfa_(at)_virtuax.be, xss in phpmyadmin <= 2.8.1 (12.01.2007)
 documentInfo_(at)_BugSec.com, Ezboxx multiple vulnerabilities. (12.01.2007)
 documentilkerKandemir_(at)_mynet.com, LunarPoll (PollDir) Remote File Include Vulnerabilities (12.01.2007)
 documentluny_(at)_youfucktard.com, Nwom topsites v3.0 (12.01.2007)
 documenthackerbinhphuoc_(at)_yahoo.com, easy-content filemanager (12.01.2007)
Файлы:sNews <= 1.5.30 unauthorized access / reset admin pass / cmd exec exploit

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород