Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:24 апреля 2007 г.
Источник:
SecurityVulns ID:7630
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:LMS : lms 1.5
 ESFORUM : EsForum 3.0
 RIPECMS : Ripe Website Manager 0.8
 JOOMLA : Joomla 1.5
 BIBTEX : bibtex mase 2.0
 TOUTJAVASCRIPT : TJSChat 0.95
 ACVS : acvsws_php5 1.0
 PHPMYSPACE : phpMySpace Gold 8.10
 POSTREVOLUTION : Post Revolution 6.6
 POSTREVOLUTION : Post Revolution 7.0
 YABOOK : YA Book 0.98
Оригинальный текстdocumentomnipresent_(at)_email.it, YA Book Persistent XSS Bug (24.04.2007)
 documentInyeXion_(at)_gmail.com, Post Revolution Remote File Inclusion (24.04.2007)
 documentjohn_(at)_martinelli.com, phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit (24.04.2007)
 documentHACKERS PAL, DmCMS Shell Uploading (24.04.2007)
 documentMohandko_(at)_Gmail.com, acvsws_php5_v1.0 <= Multiple Remote File Include Vulnerablitiy (24.04.2007)
 documentthe_3dit0r_(at)_yahoo.com, TJSChat Version 0.95 Cross Site Scripting (24.04.2007)
 documentseko_(at)_se-ko.info, Big Blue Guestbook HTML Injection Vulnerabilities (24.04.2007)
 documentInyeXion_(at)_gmail.com, bibtex mase Remote File Inclusion (24.04.2007)
 documentOmid, Remote file inclusion in Joomla 1.5.0 Beta (24.04.2007)
 documentMohandko_(at)_Gmail.com, c-arbre <= Multiple Remote File Include Vulnerablitiy (24.04.2007)
 documentjohn_(at)_martinelli.com, Ripe Website Manager (<= 0.8.4) - SQL Injection Vulnerability and Cross-Site Scripting Exploit (24.04.2007)
 documentInyeXion_(at)_gmail.com, File117 Remote File Inclusion (24.04.2007)
 documentMohandko_(at)_Gmail.com, PHPMyBibli <= Multiple Remote File Include (24.04.2007)
 documentInyeXion_(at)_gmail.com, lms 1.5.3 Remote File Inclusion (24.04.2007)
 documentMohandko_(at)_Gmail.com, claroline <= Multiple Remote File Include Vulnerablitiy (24.04.2007)
 documentasdasd asdsadas, Allfaclassfieds (level2.php dir) remote file inclusion (24.04.2007)
Файлы:Ripe Website Manager (<= 0.8.4) - SQL Injection Vulnerability and Cross-Site Scripting Exploit
 DmCMS Shell Upload exploit
 phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород