Information Security


Daily digest of vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 8 February 2007
Source:
SecurityVulns ID: 7198
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: ADVANCEDPOLL : Advanced Poll 2.0
 SYSCP : SysCP 1.2
 WEBMATIC : WebMatic 2.6
 LUSHI : LushiNews 1.01
 LUSHI : LushiWarPlaner 1.0
 AGERMENU : AgerMenu 0.01
 OTSCMS : OTSCMS 2.1
 MAIAN : Maian Recipe 1.0
 LIGHTRO : LightRO CMS 1.0
 BTITTRACKER : BtitTracker 1.3
 SITEASSISTANT : Site-Assistant 0990
 MOINMOIN : MoinMoin 1.5
 VBDRUPAL : vbDrupal 4.7
CVE: CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.)
 CVE-2007-0902 (Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter.)
 CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter.)
 CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter.)
 CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.)
 CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.)
 CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.)
 CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568.)
 CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.)
 CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.)
 CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.)
 CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.)
 CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.)
 CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.)
 CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.)
 CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.)
 CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter.)
 CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/.)
 CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/.)
 CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable.)
Original text: Denven, Maian Recipe 1.0 (path_to_folder) Remote File Include Vulnerability (08.02.2007)
 GregStar, OTSCMS <= 2.1.5 (SQL/XSS) Multiple Remote Vulnerabilities (08.02.2007)
 GolD_M, AgerMenu 0.01 (top.inc.php rootdir) Remote File Include Vulnerability (08.02.2007)
 MadNet, WebMatic 2.6 (index_album.php) Remote File Include Vulnerability (08.02.2007)
 flo_(at)_syscp.org, Ability to inject and execute any code as root in SysCP (08.02.2007)
 gokhankaya_(at)_hotmail.com, XLNC1 Radio Classical Music Nuke Portal Remote File Inc. Vuln. (08.02.2007)
 ali_(at)_hackerz.ir, remote file include in whm (all version) (08.02.2007)
Files: LushiWarPlaner 1.0 (register.php) Remote SQL Injection Exploit
 Advanced Poll 2.0.0 >= 2.0.5-dev textfile admin session gen.
 Site-Assistant <= v0990(paths[version])Remote File Include Exploit
 LightRO CMS 1.0 (index.php projectid) Remote SQL Injection Exploit
 LushiNews <= 1.01 (comments.php) Remote SQL Injection Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod