Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:20 февраля 2007 г.
Источник:
SecurityVulns ID:7266
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:WEBSPELL : Webspell 4.01
 MEDIAWIKI : MediaWiki 1.8
 MEDIAWIKI : MediaWiki 1.9
 XLATUNES : XLAtunes 0.1
 SNITZ : Snitz Forums 2000 3.1
 HTACCESSPG : Htaccess Passwort Generator 1.1
 VIVVO : Vivvo Article Manager 3.4
 KAYAKO : ESupport 3.04
 NUKESENTINEL : NukeSentinel 2.5
CVE:CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit.")
 CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05 allows remote attackers to execute arbitrary SQL commands via an admin cookie.)
 CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.)
 CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.)
 CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.)
 CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.)
 CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.)
 CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.)
 CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.)
 CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action.)
 CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter.)
 CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.)
 CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.)
Оригинальный текстdocumentHackers Center Security Group, ESupport Multiple HTML Injection Vulnerabilities (20.02.2007)
 documenteyal_(at)_BugSec.com, MediaWiki Cross-site Scripting (20.02.2007)
 documentGuns_(at)_0x90.com.ar, XLAtunes 0.1 (album) Remote SQL Injection Vulnerability (20.02.2007)
 documentsn0oPy.team_(at)_gmail.com, MyCalendar multiple XSS (20.02.2007)
 documentMILW0RM, Vivvo Article Manager 3.4 (root) Local File Inclusion Vulnerability (20.02.2007)
 documentkezzap66345, Htaccess Passwort Generator 1.1 (ht_pfad) RFI Vulnerability (20.02.2007)
 documentXORON, Snitz Forums 2000 Version 3.1 SR4 (pop_profile.asp) Remote SQL Injection Vulnerability (20.02.2007)
Файлы:NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit
 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit
 Exploits webSPELL v4.01.02 (showonly) Remote SQL Injection

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород