Information security


Daily summary of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Updated: 24 January 2007
Published: 24 January 2007
Source:
SecurityVulns ID: 7090
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information disclosure, etc.
Affected products: PHPADSNEW : phpAdsNew 2.0
 PHPOPENADS : phpPgAds 2.0
 PHPNUKE : PHP-Nuke 7.9
 WEBSITEBAKER : Website Baker 2.6
 BITWEAVER : bitweaver 1.3
 FREEFORUM : FreeForum 0.9
 CMSIMPLE : cmsimple 2.7
 PHPLINKDIRECTORY : PHP Link Directory 3.0
 OPENREALTY : Open-Realty 2.3
 UPLOADSCRIPT : UploadScript 1.02
 UPLOADSERVICE : Upload Service 1.0
 ADVANCEDGUESTBOO : Advanced Guestbook 2.4
 SCRIPTSEZ : Random PHP Quote 1.0
 YANAFRAMEWORK : Yana Framework 2.8
 INDISGUISE : Enthusiast 3.1
 PHPXD : phpxd 0.3
 BBCLONE : bbclone 0.31
 RPW : RPW 1.0
 ASPEDGE : ASP EDGE 1.2
 ASPNEWS : ASP NEWS 3
 VOTEPRO : Vote-Pro 4.0
 FREEWEBSHOP : FreeWebshop.org Script 2.2
 DRUPAL : Drupal Acidfree Module 4.6
 OPENADS : Openads 2.0
 WEBGUI : WebGUI 7.3
 DJANGO : django 0.95
 ZIXFORUM : ZixForum 1.14
 MAXTRICITY : Maxtricity Tagger 0.1
CVE: CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.)
 CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.)
 CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.)
 CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.)
 CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.)
 CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.)
 CVE-2007-054
 CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.)
 CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.)
 CVE-2007-0530 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use.)
 CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.)
 CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.)
 CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.)
 CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.)
 CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.)
 CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.)
 CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.)
 CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.)
 CVE-2007-0487 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used.)
 CVE-2007-0486 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions.)
 CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.)
 CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.)
 CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.)
 CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.)
 CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
 CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.)
Original text: beks, Maxtricity Tagger Password Disclosure Vulnerability (24.01.2007)
 me you, ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability (24.01.2007)
 Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed (24.01.2007)
 beks, Toxiclab Shoutbox Password Disclosure Vulnerability (24.01.2007)
 SECUNIA, [SA23826] Django Two Vulnerabilities (24.01.2007)
 SECUNIA, [SA23754] WebGUI User Name Script Insertion Vulnerability (24.01.2007)
 SECUNIA, [SA23720] Openads / Openads for PostgreSQL Cross-Site Scripting Vulnerability (24.01.2007)
 PHPNUKE, [SA23748] PHP-Nuke "cat" Old Articles Block SQL Injection (24.01.2007)
 SECUNIA, [SA23895] Drupal Acidfree Module "node titles" SQL Injection Vulnerability (24.01.2007)
 SECUNIA, [SA23898] FreeWebShop.org "lang_file" File Inclusion Vulnerability (24.01.2007)
 Advisory_(at)_Aria-Security.net, [Aria-Security Team] MyBB Cross-Site Scripting (24.01.2007)
 ajannhwt_(at)_hotmail.com, ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability (24.01.2007)
 ajannhwt_(at)_hotmail.com, ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability (24.01.2007)
 Dr Max Virus, phpXD <= 0.3 (path) Remote File Inclusion Vulnerability (24.01.2007)
 Dr Max Virus, BBClone 0.31 (selectlang.php) Remote File Inclusion Vulnerability (24.01.2007)
 Dr Max Virus, RPW 1.0.2 (config.php sql_language) Remote File Inclusion Vulnerability (24.01.2007)
 SECUNIA, [SA23865] Enthusiast Cross-Site Scripting and SQL Injection (24.01.2007)
 SECUNIA, [SA23855] Yana Framework Guestbook Profile Security Bypass (24.01.2007)
 the.tiger100_(at)_gmail.com, subscribe (pwd.txt) Remote Password Disclosure (24.01.2007)
 the.tiger100_(at)_gmail.com, RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosure (24.01.2007)
 C0r3 1mp4ct, AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability (24.01.2007)
 me you, Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability (24.01.2007)
 y3dips_(at)_gmail.com, [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion (24.01.2007)
 Rolf Huisman, SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before (24.01.2007)
 me you, Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability (24.01.2007)
 me you, UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability (24.01.2007)
 CorryL, [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit (24.01.2007)
 xx_hack_xx_2004_(at)_hotmail.com, Full Path Disclosure in Open-Realty ( v2.3.4 ) (24.01.2007)
 jussi.vuokko_(at)_smilehouse.com, PHP Link Directory XSS Vulnerability version <= 3.0.6 (24.01.2007)
 mr alkomandoz, phpAdsNew 2.0.7 Remote File Include (24.01.2007)
 mr alkomandoz, cmsimple 2.7 Remote File Include (24.01.2007)
 xx_hack_xx_2004_(at)_hotmail.com, SQL Injection in Unique Ads ( UDS ) (24.01.2007)
 xx_hack_xx_2004_(at)_hotmail.com, XSS in Guestbook ( v.4.00 beta ) (24.01.2007)
 Advisory_(at)_Aria-Security.net, XMB "U2U Instant Messenger" Cross-Site Scripting (24.01.2007)
 me you, FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability (24.01.2007)
 laurent gaffié, FishCart [injection sql] (24.01.2007)
Files: Vote-Pro Code Injection Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod