Информационная безопасность
[RU] switch to English


Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:24 сентября 2008 г.
Источник:
SecurityVulns ID:9305
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:SQUIRRELMAIL : squirrelmail 1.4
 AWSTATS : awstats 6.4
 PHPMYADMIN : phpMyAdmin 2.11
 DATASPADE : Dataspade 1.0
 MYFWB : MyFWB 1.0
 MAPCAL : The Mapping Calendar 0.1
 FUZZYLIME : fuzzylime 3.02
 MANTIS : Mantis 1.1
 BLUEPAGE : Bluepage CMS 2.5
 XTCOMMERCE : xt:Commerce 3.04
 DATALIFECMS : Datalife Engine CMS 7.2
CVE:CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.)
 CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.)
 CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.)
 CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.)
 CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.)
 CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.)
 CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.)
 CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.)
 CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.)
 CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).)
 CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.)
 CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.)
 CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.)
 CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.)
 CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.)
 CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.)
 CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows remote attackers to create new administrative users via user_create.)
Оригинальный текстdocumenthadikiamarsi_(at)_hotmail.com, Xss In Datalife Engine CMS 7.2 (24.09.2008)
 documentAesthetico, [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues (24.09.2008)
 documentAesthetico, [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues (24.09.2008)
 documentFabian Fingerle, Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098 (24.09.2008)
 documentjplopezy_(at)_gmail.com, Blue Coat xss (24.09.2008)
 documentGuns_(at)_0x90.com.ar, MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection (24.09.2008)
 documentGuns_(at)_0x90.com.ar, MyFWB 1.0 Remote SQL Injection (24.09.2008)
 documentHanno Bock, menalto gallery: Session hijacking vulnerability, CVE-2008-3102 (24.09.2008)
 documentHanno Bock, drupal: Session hijacking vulnerability, CVE-2008-3661 (24.09.2008)
 documentHanno Bock, Squirrelmail: Session hijacking vulnerability, CVE-2008-3663 (24.09.2008)
 documentr0t, Dataspade xss (24.09.2008)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород