Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since March 5, 2007
Published: March 5, 2007
Source:
SecurityVulns ID: 7347
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: UPLOADSCRIPT : UploadScript 1.02
 WORDPRESS : WordPress 2.1
 RRDBROWSE : rrdbrowse 1.6
 EPORTFOLIO : ePortfolio 1.0
 SAVASPLACE : Sava's GuestBook 23.11.2006
 LISCRIPTS : LI-Guestbook 1.1
 VCARD : vCard 2.6
CVE: CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.)
 CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.)
 CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.)
 CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.)
 CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.)
Original text: ciri_(at)_virtuax.be, Wordpress <= v2.1.0 (05.03.2007)
 RaeD Hasadya, XSS Remote In vCard 2.6 (c)2002 (05.03.2007)
 Sebastian Wolfgarten, Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6 (05.03.2007)
 bugtraq_(at)_belsec.com, LI-Guestbook SQL Injection Vulnerability (05.03.2007)
 bugtraq_(at)_belsec.com, Sava's GuestBook Multiple Vulnerabilities (05.03.2007)
 RaeD Hasadya, XXS in script Phorum (05.03.2007)
 RaeD Hasadya, Show Password Admin In Script Uploadscript (05.03.2007)
 Stefan Friedli, ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities (05.03.2007)
 Sebastian Wolfgarten, [Full-disclosure] Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6 (05.03.2007)

FTP bounce attack against FTP clients
updated since March 5, 2007
Published: January 5, 2009
Source:
SecurityVulns ID: 7348
Type: client
Severity: 5/10
Description: The passive FTP implementation in many clients allows them to be used for port scanning of the internal network.
Affected products: KDE : KDE 3.5
 MOZILLA : Firefox 1.5
 MOZILLA : Firefox 2.0
 OPERA : Opera 9.10
 DEV0 : 0irc 1.3
 GOOGLE : Chrome 1.0
CVE: CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.)
 CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.)
 CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.)
 CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.)
 CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.)
Original text: Aditya K Sood, Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability. (05.01.2009)
 mark, [Full-disclosure] Konqueror DoS Via JavaScript Read Of FTP Iframe (05.03.2007)
 mark, [Full-disclosure] Extending JavaScript Portscanning to Include Banner Grabbing (05.03.2007)
Files: Manipulating FTP Clients Using The PASV Command PoC
 Demo of how to make Konqueror 3.5.5 crash
 Manipulating FTP Clients Using The PASV Command

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod