Daily digest of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 18 January 2007
Source:
SecurityVulns ID: 7066
Type: remote
Danger level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: MYBLOGGIE : myBloggie 2.1
 WOLTLAB : Woltlab Burning Board 2.3
 CACTI : cacti 0.8
 COMVIRONMENT : ComVironment 4.0
 UBERGHEY : uberghey cms 0.3
 PHPBP : phpBP 2.204
 mgb : MGB 0.5
 WBB : Woltlab Burning Board Lite 1.02
 PHPMYPHORUM : PHPMyphorum 1.5
CVE: CVE-2007-0395 (PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.)
 CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other board[] parameters.)
 CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers.)
 CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.)
 CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.)
 CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.)
 CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.)
 CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.)
 CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.)
Original text: Dr Max Virus, Oreon <= 1.2.3 RC4 (lang/index.php file) Remote Inclusion Vulnerability (18.01.2007)
 v1per-haCker, PHPMyphorum 1.5a File Include Vulnerability (18.01.2007)
 GolD_M, Uberghey 0.3.1 (frontpage.php) Remote File Include Vulnerability (18.01.2007)
 GolD_M, ComVironment 4.0 (grab_globals.lib.php) Remote File Include Vulnerability (18.01.2007)
 CorryL, [x0n3-h4ck] myBloggie 2.1.5 XSS exploit (18.01.2007)
Files: phpBP <= RC3 (2.204) (sql/cmd) Remote Code Execution Exploit
 MGB <= 0.5.4.5 Exploit
 Exploits Oreon1.2.3 Remote File Include
 Woltlab Burning Board 2.X/Lite search.php SQL Injection exploit
 Woltlab Burning Board 2.3.6 <= / Lite Exploit
 Woltlab Burning Board Lite <= 1.0.2 / Woltlab Burning Board <= 2.3.6 GetHashes over search.php

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod