Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:19 апреля 2007 г.
Источник:
SecurityVulns ID:7602
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:GALLERY : Gallery 1.2
 E107 : e107 0.7
 MYBB : MyBB 1.2
 WSDELUXE : NMDeluxe 1.0
 SUNSHOP : SunShop 3.5
 CODEBREAK : CodeBreak 1.1
 JOOMLA : JoomlaPack 1.0 module for Joomla
 JOOMLA : Joomla Template Be2004-2
 JOOMLA : AutoStand Category module for Joomla
 JOOMLA : New Article Component 1.1 module for Joomla
 JOOMLA : Tosmo Mambo 4.0 module for Joomla
 JOOMLA : Calendar (Agenda) 155 module for Joomla
 MXBB : MX Smartor FAP 2.0 module for MXBB
 MXBB : Shotcast 1.0 module for MXBB
 REZERVI : Rezervi Generic 0.9
 OPENMAIRIE : openMairie 1.11
 XOOPS : tsdisplay4xoops 0.1 module for Xoops
 AUDIOCMS : arash 0.1
 WEBSLIDER : Web Slider 0.6
 GARENNES : Garennes 0.6
 WEBKALK2 : WebKalk2 1.9
 JGALLERY : jGallery 1.3
 SUBSYSTEM : Mozzers SubSystem 1.0
 AIMSTATS : AimStats 3.2
 ZOMPLOG : Zomplog 3.8
 ANTHOLOGIA : ANTHOLOGIA 0.5
 MINIGAL : MiniGal b13
 CARBON : Cabron Connector 1.1
 RICARGBOOK : RicarGBooK 1.2
 SHOUTPRO : ShoutPro 1.5
 LSSIMPLE : LS simple guestbook 1
 EXPOW : Expow 0.8
 QDBLOG : QDBlog 0.4
 FROGSS : Frogss CMS 0.7
 PAPOO : Papoo 3.02
 CNSTATS : CNStats 2.9
 PIXARIA : Pixaria Gallery 1.4
 OSP : OpenSurvayPilot 1.2
 CREADIRECTORY : CreaDirectory 1.2
 XAMPP : XAMPP for Windows 1.6
 USEBB : UseBB 1.0
 OPENGROTTO : Open-gorotto 2.0
 OPENADS : Openads 2.3
 SIMPCMS : SimpCMS Light 04.10.2007
CVE:CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.)
 CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.)
 CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/.)
 CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.)
 CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter.)
 CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.)
 CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php.)
 CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message.)
 CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.)
 CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.)
 CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information.)
 CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.)
 CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.)
 CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.)
 CVE-2007-1976 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack.)
Оригинальный текстdocumentCyberGhost, CreaDirectory v1.2 Remote SQL Injection Vulnerability (19.04.2007)
 documentAlkomandoz Hacker, osp <= 1.2.1 (cfgPathToProjectAdmin) Remote File Include Vulnerablities (19.04.2007)
 documentAlkomandoz Hacker, AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities (19.04.2007)
 documentAlkomandoz Hacker, StoreFront for Gallery (GALLERY_BASEDIR) Remote File Inclusion Vulnerabilities (19.04.2007)
 documentirvian, sunshop 4 (index.php) Remote File Include Vulnerability (19.04.2007)
 documentirvian, CNStats 2.9 (who_r.php) Remote File Include Vulnerability (19.04.2007)
 documentirvian, Pixaria Gallery 1.x (class.Smarty.php) Remote File Include Vulnerability (19.04.2007)
 documentomnipresent_(at)_email.it, QDBlog v0.4 - MULTIPLE VULNERABILITIES (19.04.2007)
 documentbilkopat_(at)_hotmail.com, Expow 0.8 File manager Autoindex.php (cfg_file) Remote File Inclusion Vulnerability (19.04.2007)
 documentGammarays, LS simple guestbook (v1) Remote Code Execution Vulnerability (19.04.2007)
 documentDj7xpl, RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability (19.04.2007)
 documentDj7xpl, Cabron Connector 1.1.0-Full Remote File Inclusion Vulnerability: (19.04.2007)
 documentDj7xpl, Anthologia 0.5.2 (index.php ads_file) Remote File Inclusion Vulnerability (19.04.2007)
 documentDj7xpl, Zomplog 3.8 (force_download.php file) Remote File Disclosure Vuln (19.04.2007)
 documentDj7xpl, Mozzers SubSystem final (subs.php) Remote Code Execution Vulnerability (19.04.2007)
 documentDj7xpl, jGallery 1.3 (index.php) Remote File Inclusion Vulnerability (19.04.2007)
 documentGolD_M, WebKalk2 1.9.0 Remote File Include Vulnerablity (19.04.2007)
 documentGolD_M, Garennes 0.6.1 <= Remote File Include Vulnerablites (19.04.2007)
 documentGolD_M, Web Slider 0.6(path)Remote File Inclusion Vulnerabilities (19.04.2007)
 documentGolD_M, audioCMS arash 0.1.4(arashlib_dir)Remote File Inclusion Vulnerabilities (19.04.2007)
 documentGolD_M, Gallery 1.2.5 <= Remote File Include Vulnerablites (19.04.2007)
 documentGolD_M, tsdisplay4xoops 0.1(xoops_url)Remote File Include Vulnerabilitiy (19.04.2007)
 documentGolD_M, openMairie 1.11(/scr/soustab.php)Local File Inclusion Vulnerabilitiy (19.04.2007)
 documentGolD_M, Rezervi Generic 0.9(root)Remote File Include Vulnerablities (19.04.2007)
 documentbd0rk_(at)_hackermail.com, mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability (19.04.2007)
 documentMahmood_ali, com_mosmedia for Mambo & Jommla <= Remote File Include Vulnerability (19.04.2007)
 documentCold Zero, Mambo module Calendar (Agenda) <= 155 (com_calendar.php) Multiple RFI Vuln (19.04.2007)
 documentCold Zero, Mambo/Joomla Module Weather (absolute_path) Remote File include Vuln (19.04.2007)
 documentCold Zero, Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities (19.04.2007)
 documentCold Zero, Mambo/Joomla Component New Article Component <= 1.1 (absolute_path) Multiple RFI (19.04.2007)
 documentCold Zero, Joomla Module AutoStand Category <= 1.1 Remote File include Vulnerabilities (19.04.2007)
 documentCold Zero, Jommla Component JoomlaPack 1.0.4a2 RE (CAltInstaller.php) Remote File Include Vulnerabilities (19.04.2007)
Файлы:Exploits CodeBreak (codebreak.php process_method) - Remote File Inclusion Vulnerability
 Mybb <= 1.2.2 Remote SQL Injecton Exploit v.2.0
 Frogss CMS <= 0.7 SQL Injection Exploit
 freePBX 2.2.x full-log XSS PoC
 Papoo <= 3.02 (kontakt menuid) Remote SQL Injection Exploit
 MiniGal b13 Remote Code Execution Exploit
 E107 - (v0.7.8) Access Escalation Vulnerbility - PoC
 Joomla Template Be2004-2 (index.php) Remote File Include Exploit
 mxBB Module MX Shotcast 1.0 RC2 (getinfo1.php) Remote File Include Exploit
 AimStats 3.2 (process.php update) Remote Code Execution Exploit
 ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
 NMDeluxe 1.0.1 (template) Local File Inclusion Exploit
 XAMPP for Windows <= 1.6.0a adodb.php/mssql_connect() remote buffer overflow proof-of-concept exploit

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород