Information security


Daily summary of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Updated since: April 11, 2007
Published: April 11, 2007
Source:
SecurityVulns ID: 7564
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: PUNBB : PunBB 1.2
 WEBAPP : WebAPP 0.9
 TOMEX : phpGalleryScript 1.0
 DROPAFEW : DropAFew 0.2
 MAILDWARF : MailDwarf 3.01
 WEBMETHODS : Glue 6.5
 MAMBO : com_zoom2 module for Mambo
 PHPFABER : phpFaber TopSites 3
 WEBLOGIN : Cosign 2.0
 PLPHP : pL-PHP 0.9
 ATMAIL : @Mail 5.0
 MAMBO : Tosmo 4.0 module for Mambo
 JOOMLA : Taskhopper 1.1 module for Joomla
 MAMBO : zOOm Media Gallery 2.5 module for Mambo
 PATHOS : Pathos CMS 0.92
 SISPLET : Sisplet CMS 05.10
 CODEWAND : phpBrowse
 PHPGENERICS : php-generics 1.0
 PHPNUKE : eBoard 1.0 module for PHP-Nuke
 INOUTMAILINGLIST : InoutMailingListManager 3.1
 PHPMYNEWSLETTER : phpMyNewsletter 0.8
 CREABOOK : Crea-Book 1.0
 WEATIMAGES : Weatimages 1.7
CVE: CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.)
 CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.)
 CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.)
 CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.)
 CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.)
 CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.)
 CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.)
 CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.)
 CVE-2007-2001 (Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.)
 CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.)
 CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.)
 CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.)
 CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/.)
 CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.)
 CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.)
 CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms.")
 CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING.)
 CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch", and possibly related to copying files to the user-lib and the "XSS and cookies exploit.")
 CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too.")
 CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms.)
 CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute arbitrary code via "certain characters.")
 CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses.)
 CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.)
 CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.)
 CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc.)
 CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer.)
 CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable.)
 CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable.)
 CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927.)
Original text: gmdarkfig_(at)_gmail.com, PunBB <= 1.2.14 Multiple Vulnerabilities (Advisory) (12.04.2007)
 MILW0RM, phpGalleryScript 1.0 (init.gallery.php include_class) RFI Vulnerability (11.04.2007)
 Co-Sarper-Der, RFI Weatimages Hack (11.04.2007)
 Xst3nZ, Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution (11.04.2007)
 bd0rk_(at)_hackermail.com, php-generics 1.0 Remote File Inclusion Vulnerabilities (11.04.2007)
 kezzap66345, CodeWand phpBrowse (site_path) Remote File Inclusion Vulnerability (11.04.2007)
 kezzap66345, Sisplet CMS <= 05.10 (site_path) Remote File Inclusion Vulnerability (11.04.2007)
 kezzap66345, Pathos CMS 0.92-2 (warn.php file) Remote File Inclusion Vulnerability (11.04.2007)
 iskorpitx, Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities (11.04.2007)
 Cold z3ro, Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities (11.04.2007)
 john_(at)_martinelli.com, CodeBreak (codebreak.php process_method) - Remote File Inclusion Vulnerability (11.04.2007)
 Aesthetico, [MajorSecurity Advisory #43] Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue (11.04.2007)
 omnipresent_(at)_email.it, pL-PHP beta 0.9 - Multiple Vulnerabilities (11.04.2007)
 Jon Oberheide, [Full-disclosure] Cosign SSO Authentication Bypass (11.04.2007)
 asdasd asdsadas, nEw Bug :D (11.04.2007)
 zeus olimpusklan, [Full-disclosure] com_zoom2 Mambo Module Remote File Include Vulnerability (11.04.2007)
 Patrick Webster, webMethods Glue Management Console Directory Traversal (11.04.2007)
 Alexander Klink, [Full-disclosure] DropAFew - SQL injection and authorization issues (11.04.2007)
Files: PunBB <= 1.2.14 Remote Code Execution Exploit
 PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] Local File Inclusion Exploit
 InoutMailingListManager <= 3.1 Command Execution Exploit + Login Retrieve + Advisory
 phpMyNewsletter <= 0.8 (beta5) Multiple Vuln Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod