Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
дополнено с 11 апреля 2007 г.
Опубликовано:12 апреля 2007 г.
Источник:
SecurityVulns ID:7570
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:WEBSPELL : Webspell 4.01
 WITSHARE : witshare 0.9
 SCORPBOOK : Scorp Book 1.0
 HGB : HIOX GUEST BOOK 4.0
 PHP121 : PHP121 Instant Messenger 2.2
 PCPSYSTEM : PcP-Guestbook 3.0
 BATTLENET : Battle.net Clan Script 1.5
 SMOD : SmodBIP 1.06
 SMOD : SmodCMS 2.10
 BERYO : Beryo 2.0
 CATTADOC : cattaDoc 2.21
 XOOPS : Jobs 2.4 module for Xoops
 XOOPS : WF-Links 1.03 module for Xoops
 SCARADCONTROL : ScarAdController 1.1
 DANIELNABER : LanguageTool 0.8
 ICHITARO : Ichitaro 2007
 TRUZONE : Tru-Zone Nuke ET 3.4
 ECARDMAX : eCardMAX HotEditor 4.0
 TOENDACMS : toendaCMS 1.5
 PHPWIKI : Phpwiki 1.3
CVE:CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.)
 CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.)
 CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.)
 CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter.)
 CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.)
 CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java.)
 CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact, possibly cross-site scripting (XSS), via unspecified vectors in a document distributed through e-mail or a web site.)
 CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter.)
 CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter.)
 CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function.)
 CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.)
 CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter.)
 CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter.)
 CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.)
 CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote atatckers to read arbitrary files via a .. (dot dot) in the chemin parameter.)
 CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter.)
 CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.)
 CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php.)
 CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter.)
 CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.)
 CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.)
 CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.)
 CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.)
Оригинальный текстdocumentHanno Bock, CVE-2007-1871: Cross site scripting in chcounter 3.1.3 (12.04.2007)
 documentjd2k2000_(at)_hotmail.com, E107 - (v0.7.8) Access Escalation Vulnerbility - PoC (12.04.2007)
 documentrurban_(at)_x-ray.at, Critical phpwiki c99shell exploit (12.04.2007)
 documentHanno Bock, CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3 (12.04.2007)
 documentTrex, WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability (12.04.2007)
 documentGolD_M, cattaDoc 2.21(download2.php fn1)Remote File Disclosure Vulnerability (12.04.2007)
 documentGolD_M, Beryo 2.0(downloadpic.php chemin)Remote File Disclosure Vulnerability (12.04.2007)
 documentthe_3dit0r_(at)_yahoo.com, MyBlog: PHP and MySQL Blog/CMS software Remote File Include Vulnerabilitiy (11.04.2007)
 documentthe_3dit0r_(at)_yahoo.com, witshare 0.9 Local File Include Vulnerabilitiy (11.04.2007)
 documenth a c k e r _ X, Battle.net Clan Script for PHP 1.5.1 Remote SQL Injection Vulnerability (11.04.2007)
 documentDj7xpl, PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities (11.04.2007)
 documentDj7xpl, PHP121 Instant Messenger 2.2 Local File Inclusion Vulnerability (11.04.2007)
 documentDj7xpl, HIOX GUEST BOOK (HGB) 4.0 Remote Code Execution Vulnerability (11.04.2007)
Файлы:Scorp Book <== v1.0 (smilies.php) Remote File Include Exploit
 ScarNews (sn_admin_dir) Local File Inclusion Exploit
 SmodCMS <= 2.10 (Slownik ssid) Remote SQL Injection Exploit
 SmodBIP <= 1.06 (aktualnosci zoom) Remote SQL Injection Exploit
 XOOPS Module Jobs <= 2.4 (cid) Remote BLIND SQL Injection Exploit
 XOOPS Module WF-Links <= 1.03 (cid) Remote BLIND SQL Injection Exploit
 E107 - (v0.7.8) Access Escalation Vulnerbility - PoC

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород