Information Security


Daily digest of web application vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Published: 15 February 2007
Source:
SecurityVulns ID: 7245
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: DESKPRO : DeskPRO 1.1
 ADVANCEDPOLL : Advanced Poll 2.0
 DRUPAL : Drupal 4.7
 PHPCC : phpCC 4.2
 DRUPAL : Drupal 5.1
 NABOCORP : nabopoll 1.1
 MOHA : MOHA Chat 0.1
 ATMAIL : @mail 0.61
 HARPIA : Harpia CMS 1.0
 SCART : SCart 2.0
 APACHESTATS : Apache Stats 0.0
 TAGIT : TagIt! Tagboard 2.1
 ZEBRAFEEDS : ZebraFeeds 1.0
 ANSATHEUS : AT Contenator 1.0
 XARANCMS : Xaran CMS 2.0
 POLLMENTOR : PollMentor 2.0
CVE: CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.)
 CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.)
 CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.)
 CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.)
 CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.)
 CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.)
 CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.)
 CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.)
 CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.)
 CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.)
 CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.)
 CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.)
 CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.)
 CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.)
 CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.)
 CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.)
 CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.)
 CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function.)
 CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter.)
Original text: x0r0n_(at)_hotmail.com, Aktueldownload Haber scripti (id) Remote SQL Injection Vulnerability (15.02.2007)
 beks, CodeAvalanche News SQL Injection (15.02.2007)
 [email protected]_King, nabopoll 1.2 Remote Unprotected Admin Section Vulnerability (15.02.2007)
 [email protected]_King, nabopoll 1.2 (survey.inc.php path) Remote File Include Vulnerability (15.02.2007)
 ThE [email protected], ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities (15.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in [Calendar Express 2 ] (15.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in [deskpro.com v1.1.0 ] (15.02.2007)
Files: Advanced Poll 2.0.0 >= 2.0.5-dev textfile RCE
 Drupal < 5.1 Remote Command Execution Exploit
 Drupal < 4.7.6 Remote Command Execution Exploit
 phpCC Beta <= 4.2 (nickpage.php npid) Remote SQL Injection Exploit
 Xaran Cms <= V2.0 (xarancms_haupt.php) Remote SQL Injection Exploit
 AT Contenator <= v1.0 (Root_To_Script) Remote File Include Exploit

© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород