Information Security


Daily digest of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 27 February 2007
Source:
SecurityVulns ID: 7308
Type: remote
Danger level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: VIEWCVS : ViewCVS 0.9
 WORDPRESS : WordPress 2.1
 MTCMS : MTCMS 2.2
 ZEPHYRSOFT : Address Book Continued 1.00
 ZEPHYRSOFT : Address Book Continued 1.01
 EFICTION : eFiction 3.1
CVE:CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.)
 CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.)
 CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.)
Original text: Stefan Friedli, Wordpress 2.1.1 - Multiple Script Injection Vulnerabilities (27.02.2007)
 Scarlet Pimpernel, [Full-disclosure] Multiple SQL Injection bugs in TCS website (27.02.2007)
 Moritz Naumann, ViewCVS 0.9.4 issues (27.02.2007)
 laurent gaffié, MTCMS multiple upload vulnerabilities (27.02.2007)
 c_r_ck_(at)_hotmail.com, XXS in script Phorum (27.02.2007)
 SaMuschie, WordPress AdminPanel CSRF/XSS - 0day (27.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod