Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
дополнено с 21 февраля 2007 г.
Опубликовано:21 февраля 2007 г.
Источник:
SecurityVulns ID:7271
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:NABOCORP : Nabopoll 1.2
 PHPXMMS : phpXmms 1.0
 PHPNUKE : PHP-Nuke 8.0
 CALLCENTERSOFTWA : Call Center Software 0.93
 DRUPAL : getID3 1.7
 DRUPAL : Secure site 4.7 Drupal module
 PHPMYFAQ : phpmyfaq 1.6
 DRUPAL : Image Pager 4.7 Drupal module
CVE:CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.)
 CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.)
 CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).)
 CVE-2007-1053 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php.)
 CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.)
 CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL.)
 CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server.")
 CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element.)
Оригинальный текстdocumentCorryL, [Full-disclosure] Call Center Software - Remote Xss Post Exploit - (21.02.2007)
 documentkrasza_(at)_gmail.com, [Full-disclosure] Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final (21.02.2007)
 documents0cratex_(at)_hotmail.com, Nabopoll Blind SQL Injection vulnerabilies (21.02.2007)
 documentcrazy_king_(at)_eno7.org, AdMentor Script Remote SQL injection Exploit (21.02.2007)
 documentilkerKandemir_(at)_mynet.com, phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities (21.02.2007)
Файлы:Nabopoll SQL Injection -- Proof of Concept Exploit
 0day exploit for PHP-nuke <=8.0 Final Blind sql injection attack in INSERT syntax version for mysql >= 4.0.24, using 'brute force'
 0day exploit for PHP-nuke <=8.0 Final Blind sql injection attack in INSERT syntax version for every base(PostgreSQL,mssql...) except MySQL base
 0day exploit for PHP-nuke <=8.0 Final Blind sql injection attack in INSERT syntax version, when 'HTTP Referers' block is on
 Call Center Software - Remote Xss Post Exploit

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород