Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 5 February 2007
Source:
SecurityVulns ID: 7182
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: DVDDB : DVDdb 0.6
 SAKIC : Wap Portal Server 1.2
 TUFAT : Flashchat 4.7
CVE: CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.)
 CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.)
 CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.)
 CVE-2007-0794 (** DISPUTED ** SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions.)
 CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.)
Original text: binaryloc_(at)_gmail.com, flashChat 4.7.8 Cross Site Scripting Vulnerability (05.02.2007)
 stormhacker_(at)_hotmail.com, flashChat 4.7.8 Cross Site Scripting Vulnerability (05.02.2007)
 stormhacker_(at)_hotmail.com, Wap Portal Serve 1.* <= Remote File Inclusion (05.02.2007)
 gokhankaya_(at)_hotmail.com, dvddb-0.6 media remote file include vuln. (05.02.2007)
 gokhankaya_(at)_hotmail.com, dvddb-0.6 media sql-inj. vuln. (05.02.2007)
 Omid, Sql injection bugs in Xoops 2.0.16 + Weblinks module (05.02.2007)
 sn0oPy.team_(at)_gmail.com, Adrenalin's ASP Chat XSS (05.02.2007)
 sn0oPy.team_(at)_gmail.com, MysearchEngine XSS (05.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod