Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:23 февраля 2007 г.
Источник:
SecurityVulns ID:7292
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:WORDPRESS : WordPress 2.0
 WORDPRESS : WordPress 2.1
 WEBSPELL : webSPELL 3.01
 CONNECTIX : Connectix Boards 0.7
 DBIMAGEGALLERY : DBImageGallery 1.2
 DBGUESTBOOK : DBGuestBook 1.1
 DZCP : deV!Lz Clanportal 1.4
 ULTIMATEFUNBOARD : Ultimate Fun Book 1.02
 ONLINEWEBBUILDIN : Online Web Building 2.0
 PEANUTKB : Peanut Knowledge Base 0.0
 FLASHGAMESCRIPT : FlashGameScript 1.5
 DESIGN4ONLINE : UserPages2 2.0
CVE:CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.)
 CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.)
 CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.)
 CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.)
 CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/.)
 CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter.)
 CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.)
 CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter.)
 CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.)
 CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.)
 CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.)
 CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.)
Оригинальный текстdocumentmalic89_(at)_gmail.com, FlashGameScript v1.5.4 Remote File Inclusion Vulnerability (23.02.2007)
 documentRaeD Hasadya, Hasadya Raed (23.02.2007)
 documentsn0oPy.team_(at)_gmail.com, JBrowser acces to admin/config files (23.02.2007)
 documentr.verton_(at)_gmail.com, WebSpell > 4.0 Authentication Bypass and arbitrary code execution (23.02.2007)
 documentXORON, Online Web Building v2.0 (id) Remote SQL Injection (23.02.2007)
 documentkezzap66345, Ultimate Fun Book 1.02 (function.php) Remote File Include Vulnerability: (23.02.2007)
 documentKiba, DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable (23.02.2007)
 documentDenven, DBGuestbook 1.1 (dbs_base_path) Remote File Include Vulnerabilities (23.02.2007)
 documentDenven, DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities: (23.02.2007)
Файлы:webSPELL <= v4.01.02 (topic) Remote SQL Injection
 Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород