Information Security

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: March 10, 2007
Source:
SecurityVulns ID: 7370
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: SNITZ : Snitz Forums 2000 3.4
 JELSOFT : vBulletin 3.5
 WEBCALENDAR : WebCalendar 1.0
 SQLLEDGER : SQL-Ledger 2.6
 VBULLETIN : vBulletin 3.6
 WORDPRESS : WordPress 2.1
 DRUPAL : Drupal Project issue tracking Module 4.7
 LEDGERSMB : LedgerSMB 1.1
 PHPNUKE : PHP-Nuke 8.0
 HCDESIGN : HC NEWSSYSTEM 1.0
 WORDPRESS : WordPress 2.2
 WWWPAINTBOAR : wwwpaintboar 1.0
 PMBSERVICES : PMB Services 3.0
 GSBLOGGER : Grayscale Blog 0.8
 NETFORO : netForo 0.1
 PHPNUKE : PostGuestbook 0.6 PHP-Nuke module
 EZSTREAM : EZStream 0.2
 ISPUTIL : ISPUtil 3.32
CVE: CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.)
 CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.)
 CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.)
 CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.)
 CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.)
 CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.)
 CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.)
 CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/.)
 CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion.)
 CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php.)
 CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.)
 CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.)
 CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter.)
 CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter.)
 CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier.)
 CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376.)
 CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters.)
 CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.)
 CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.)
 CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve.")
Original text: CyberGhost, GaziYapBoz Game Portal Remote SQL Injection Vulnerability (10.03.2007)
 GolD_M, PostGuestbook 0.6.1(tpl_pgb_moddir)Remote File Include Expliot (10.03.2007)
 GolD_M, netForo 0.1g(file_to_download)Remote File Disclosure Exploit (10.03.2007)
 omnipresent_(at)_email.it, Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0 (10.03.2007)
 eufrato_(at)_gmail.com, [ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability (10.03.2007)
 RaeD Hasadya, Remote File Include In Script SoftNews Media Group (10.03.2007)
 RaeD Hasadya, Remote File Include In Script Premod SubDog 2 (10.03.2007)
 programmer_(at)_serbiansite.com, PHP-Nuke <= 8.0 Cookie Manipulation (lang) (10.03.2007)
 Chris Travers, Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today) (10.03.2007)
 saw_xyz_(at)_yahoo.com, wwwpaintboar(newsfile) Remote File Inclusion Vulnerability (10.03.2007)
 g30rg3_x, WordPress XSS under function wp_title() (10.03.2007)
 Uniqu3 Cr4ck, HC NEWSSYSTEM 1.0-4 (index.php "ID") Blind SQL Injection (10.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod