Information security

Daily summary of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 22 January 2007
Source:
SecurityVulns ID: 7088
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: WEBSPELL : Webspell 4.01
 212CAFE : 212cafeBoard 0.08
 212CAFE : 212cafeBoard 6.30
 WEBCHAT : WebChat 0.77
 PHPINDEXPAGE : phpindexpage 1.0
 Mafia : Mafia Scum Tools 2.0
CVE: CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.)
 CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.)
 CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.)
 CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.)
 CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.)
 CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.)
 CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.)
Original text: v1per-haCker, webchat File Include Vulnerability (22.01.2007)
 xx_hack_xx_2004_(at)_hotmail.com, XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ) (22.01.2007)
Files: Exploits mafia-2-0-0 (Index.php)Remote File Include Vulnerability
 webSPELL SQL-injection exploit in gallery.php
 Exploits phpindexpage 1.0 & 1.0.1 (config.php)Remote File Include Vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod