Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 4 February 2007
Source:
SecurityVulns ID: 7172
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: UAPPLICATYIONS : Ublog Reload 1.0
 BUGZILLA : Bugzilla 2.20
 BUGZILLA : Bugzilla 2.22
 BUGZILLA : Bugzilla 2.23
 WEBBUILDER : WebBuilder 2.0
 EPISTEMON : Epistemon 1.0
CVE: CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp.)
 CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.)
 CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.)
 CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.)
Original text: Hackers Center Security Group, Ublog Reload Admin Panel Multiple HTML Injections (04.02.2007)
 BUGZILLA, Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3 (04.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod