Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 8 April 2007
Source:
SecurityVulns ID: 7543
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: LIVOR : livor 2.5
 CMAILSERVER : CmailServer WebMail 5.3
 WITSHARE : witshare 0.9
CVE: CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.)
 CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.)
 CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.)
 CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.)
Original text: the_3dit0r_(at)_yahoo.com, witshare 0.9 Remote File Include Vulnerabilitiy (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #42]webblizzard CMS - Cross Site Scripting and Session fixation Issues (08.04.2007)
 rko.thelegendkiller_(at)_gmail.com, livor 2.5 Cross-Site Scripting Vulnerability (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #41]onelook courts online - Session fixation Issue (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #40]onelook oboShop - Session fixation Issue (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #39]onelook onebyone CMS - Session fixation Issue (08.04.2007)
 rko.thelegendkiller_(at)_gmail.com, phpContact Multiple Remote File Inclusion Vulnerabilities (08.04.2007)
Files: CmailServer WebMail <= V.5.3.4 (signup) Remote XSS Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod