Information Security


Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
updated since May 25, 2007
Published: May 25, 2007
Source:
SecurityVulns ID: 7737
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: BOASTMACHINE : BoastMachine 3.0
 CUBECART : CubeCart 3.0
 JETBOX : Jetbox CMS 2.1
 WORDPRESS : WordPress 2.1
 PSYCHOSTATS : PsychoStats 3.0
 HLSTATS : HLstats 1.35
 CLONUSWIKI : ClonusWiki 0.5
 GMTT : GMTT Music Distro 1.2
 PHPPGADMIN : phpPgAdmin 4.1
 ABC : ABC Excel Parser 4.0
 2ZPROJECT : 2z project 0.9
 WIYS : WIYS 1.0
 GFORGE : gforge-plugin-scmcvs 4.5
CVE: CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.)
Original text: DEBIAN, [SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution (25.05.2007)
 vagrant Pest, WIYS v1.0 Cross-Site Scripting Vulnerability - (05.24.2007) (NEW) (25.05.2007)
 Janek Vind, [waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5 (25.05.2007)
 the_3dit0r_(at)_yahoo.com, ABC Excel Parser Pro v4.0 Remote File Include Exploit (25.05.2007)
 vagrant Pest, BoastMachine v3.0 platinum - Session Id Hacking (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability (25.05.2007)
 Cornelius Riemenschneider, SQL-Injection in IP-TRACKING Mod for phpBB2.0.x (25.05.2007)
 the_3dit0r_(at)_yahoo.com, phpPgAdmin-4.1.1 Remote File Include & Url Redirecting Vulnerabilitiy (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #020 - HLstats v1.35 Cross-Site Scripting Vulnerability #3 (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #018 - RM EasyMail Plus - Cross-Site Scripting Vulnerability #2 (25.05.2007)
 CorryL, GMTT Music Distro 1.2 XSS Exploit (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities (25.05.2007)
 Janek Vind, [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3 (25.05.2007)
 securityresearch_(at)_netvigilance.com, Jetbox CMS version 2.1 XSS Attack Vulnerability (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #022 - ClonusWiki .5 Cross-Site Scripting Vulnerability (25.05.2007)
Files: Exploits ClonusWiki .5 - Cross-Site Scripting Vulnerability
 Exploits HLstats v1.35 - Cross-Site Scripting Vulnerability #3
 ABC Excel Parser v4.0 Remote File Include Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod