| Daily summary of Web application bugs (PHP, ASP, JSP, CGI, Perl) | |
| Published: | August 21, 2007 |
| Source: | |
| SecurityVulns ID: | 8071 |
| Type: | remote |
| Severity: | 5/10 |
| Description: | PHP injections, SQL injections, directory traversal, cross-site scripting, information disclosure, etc. |
| Affected products: | MCLINKSCOUNTER : mcLinksCounter 1.2 |
| | MYREFERER : My_REFERER 1.08 |
| | BUTTERFLY : Butterfly online vistors counter 1.08 |
| | GURURHABER : Gurur Portal 2.0 |
| | JOOMLA : SimpleFAQ 2.11 |
| CVE: | CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter.) |
| | CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter.) |
| | CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter.) |
| | CVE-2006-4863 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file.) |