Информационная безопасность

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

back  новости / статьи / программы / поиск /  forward
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:13 января 2007 г.
Источник:
SecurityVulns ID:7050
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:WORDPRESS : WordPress 2.0
 AIOCP : All In One Control Panel 1.3
 MINTHABER : MiNT Haber Sistemi v2.7
 IMPLIEDBYDESIGN : Micro CMS 3.5
 NAIG : Naig 0.5
CVE:CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223.)
 CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.)
 CVE-2007-0260 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use.)
 CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.)
 CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.)
Оригинальный текстdocumentcoloss7_(at)_gmail.com, Naig <= 0.5.2 (this_path) Remote File Include Vulnerability (13.01.2007)
 documentcoloss7_(at)_gmail.com, AIOCP Login Bypass Vulnerability (13.01.2007)
 documentcoloss7_(at)_gmail.com, AIOCP SQL Injection Vulnerability (13.01.2007)
 documentprocess_(at)_cnbct.org, Wordpress disclosure of Table Prefix Weakness (13.01.2007)
 documentchernobiLe, MiNT Haber Sistemi v2.7 (tr) == SQL Injection Vulnerability (13.01.2007)
Файлы:Micro CMS 3.5
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород