Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
дополнено с 17 апреля 2007 г.
Опубликовано:17 апреля 2007 г.
Источник:
SecurityVulns ID:7593
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:WABBIT : Wabbit PHP Gallery 0.9
 PHPNUKE : PHP-Nuke 8.0
 WEBMETHODS : Glue 6.5
 JAMBOOK : Jambook 1.0
 ACTIONPOLL : Actionpoll 1.1
 MYBLOG : MyBlog 0.9
 IVANGALLERY : Ivan Gallery 0.1
 MYLITTLEHOMEPAGE : my little forum 1.7
 MYLITTLEHOMEPAGE : my little weblog
CVE:CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.)
 CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.)
 CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session.)
 CVE-2007-2072 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use.)
 CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.)
 CVE-2007-2048 (Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.)
 CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Оригинальный текстdocumentJeremy Epstein, webMethods Security Advisory: Glue console directory traversal vu lnerability (17.04.2007)
 documentpdp (architect), [Full-disclosure] Persistent CSRF and The Hotlink Hell (17.04.2007)
 documentprogrammer_(at)_serbiansite.com, PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities (17.04.2007)
 documentRaeD Hasadya, Remot File Include In Script phphd_downloads (17.04.2007)
 documentRaeD Hasadya, Remot File Include download_engine_V1.4.3 (17.04.2007)
 documentthe_3dit0r_(at)_yahoo.com, Wabbit PHP Gallery v0.9 Cross Site Scripting (17.04.2007)
 documentthe_3dit0r_(at)_yahoo.com, my little weblog Cross Site Scripting (17.04.2007)
 documentthe_3dit0r_(at)_yahoo.com, my little forum 1.7 Remote File Include Vulnerabilitiy (17.04.2007)
 documentseko_(at)_se-ko.info, Persistent CSRF and The Hotlink Hell (17.04.2007)
 documentseko_(at)_se-ko.info, ActionPoll Script (actionpoll.php) Remote File Include // starhack.org (17.04.2007)
 documentAesthetico, [MajorSecurity Advisory #45]oe2edit CMS - Cross Site Scripting and Cookie Manipulation Issue (17.04.2007)
 documentjd2k2000_(at)_hotmail.com, Joomla/Mambo Jambook v1.0 beta7 Rfi Vuln. (17.04.2007)
 documentjd2k2000_(at)_hotmail.com, LS simple guestbook - arbitrary code execution (17.04.2007)
Файлы:MyBlog <= 0.9.8 Remote Command Execution Exploit
 Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород