Information Security


Memory corruption in Microsoft Windows (memory corruption)
Updated since 16 December 2006
Published: 11 April 2007
Source:
SecurityVulns ID: 6944
Type: library
Severity: 7/10
Description: CSRSS memory corruption when a MessageBox with the MB_SERVICE_NOTIFICATION flag is displayed whose text begins with "\??\".
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.)
 CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.)
 CVE-2006-6696 (Double-free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.)
Original text: EEYE, EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation (11.04.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) (11.04.2007)
 Reversemode, csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit (31.12.2006)
 3APA3A, Microsoft Windows csrss (?) memory corruption exploited in-the-wild (16.12.2006)
 wins mallow, ms ;) (16.12.2006)
Files: Microsoft MessageBox memory corruption PoC
 Exploits Microsoft Windows NtRaiseHardError Csrss.exe-winsrv.dll Double Free
 exploit NtRaiseHardError privesc and load dll into csrss
 Killer MessageBox from Microsoft
 Windows CSRSS HardError Message Box Vulnerability
 Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)

Multiple vulnerabilities in MIT Kerberos (multiple bugs)
Updated since 4 April 2007
Published: 11 April 2007
Source:
SecurityVulns ID: 7527
Type: remote
Severity: 9/10
Description: The telnet daemon allows login without a password under any username. Buffer overflow in krb5_klog_syslog(). Double free.
Affected products: MIT : krb5 1.6
CVE: CVE-2007-1216 (Double-free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".)
 CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.)
 CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.)
Original text: c0ntexb_(at)_gmail.com, Kerberos Version 1.5.1 Kadmind Remote Root Buffer Overflow Vulnerability (11.04.2007)
 MIT, MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957] (04.04.2007)
 MIT, MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216] (04.04.2007)
 MIT, MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956] (04.04.2007)
 IDEFENSE, iDefense Security Advisory 04.03.07: Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability (04.04.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-093B -- MIT Kerberos Vulnerabilities (04.04.2007)
Files: Exploits Kerberos 1.5.1 Kadmind Remote Root Buffer Overflow Vulnerability

Privilege escalation via the Microsoft Windows Virtual DOS Machine (privilege escalation)
Published: 11 April 2007
Source:
SecurityVulns ID: 7562
Type: local
Severity: 5/10
Description: A short-lived race condition allows the virtual machine's zero page of memory to be overwritten.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE: CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.)
 CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.)
Original text: EEYE, EEYE: Windows VDM Zero Page Race Condition Privilege Escalation (11.04.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-022 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784) (11.04.2007)
Files: Microsoft Security Bulletin MS07-022 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)

DoS against IPSec in Racoon
Published: 11 April 2007
Source:
SecurityVulns ID: 7563
Type: remote
Severity: 5/10
Description: An established IPSec tunnel can be torn down.
Affected products: RACOON : racoon 0.6
CVE: CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.)
Original text: UBUNTU, [USN-450-1] ipsec-tools vulnerability (11.04.2007)

Daily digest of Web application bugs (PHP, ASP, JSP, CGI, Perl)
Updated since 11 April 2007
Published: 11 April 2007
Source:
SecurityVulns ID: 7564
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leaks, etc.
Affected products: PUNBB : PunBB 1.2
 WEBAPP : WebAPP 0.9
 TOMEX : phpGalleryScript 1.0
 DROPAFEW : DropAFew 0.2
 MAILDWARF : MailDwarf 3.01
 WEBMETHODS : Glue 6.5
 MAMBO : com_zoom2 module for Mambo
 PHPFABER : phpFaber TopSites 3
 WEBLOGIN : Cosign 2.0
 PLPHP : pL-PHP 0.9
 ATMAIL : @Mail 5.0
 MAMBO : Tosmo 4.0 module for Mambo
 JOOMLA : Taskhopper 1.1 module for Joomla
 MAMBO : zOOm Media Gallery 2.5 module for Mambo
 PATHOS : Pathos CMS 0.92
 SISPLET : Sisplet CMS 05.10
 CODEWAND : phpBrowse
 PHPGENERICS : php-generics 1.0
 PHPNUKE : eBoard 1.0 module for PHP-Nuke
 INOUTMAILINGLIST : InoutMailingListManager 3.1
 PHPMYNEWSLETTER : phpMyNewsletter 0.8
 CREABOOK : Crea-Book 1.0
 WEATIMAGES : Weatimages 1.7
CVE: CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.)
 CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.)
 CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.)
 CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.)
 CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.)
 CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.)
 CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.)
 CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.)
 CVE-2007-2001 (Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.)
 CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.)
 CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.)
 CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.)
 CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/.)
 CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.)
 CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.)
 CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms.")
 CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING.)
 CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch", and possibly related to copying files to the user-lib and the "XSS and cookies exploit.")
 CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too.")
 CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms.)
 CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute arbitrary code via "certain characters.")
 CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses.)
 CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.)
 CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.)
 CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc.)
 CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer.)
 CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable.)
 CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable.)
 CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927.)
Original text: gmdarkfig_(at)_gmail.com, PunBB <= 1.2.14 Multiple Vulnerabilities (Advisory) (12.04.2007)
 MILW0RM, phpGalleryScript 1.0 (init.gallery.php include_class) RFI Vulnerability (11.04.2007)
 Co-Sarper-Der, RFI Weatimages Hack (11.04.2007)
 Xst3nZ, Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution (11.04.2007)
 bd0rk_(at)_hackermail.com, php-generics 1.0 Remote File Inclusion Vulnerabilities (11.04.2007)
 kezzap66345, CodeWand phpBrowse (site_path) Remote File Inclusion Vulnerability (11.04.2007)
 kezzap66345, Sisplet CMS <= 05.10 (site_path) Remote File Inclusion Vulnerability (11.04.2007)
 kezzap66345, Pathos CMS 0.92-2 (warn.php file) Remote File Inclusion Vulnerability (11.04.2007)
 iskorpitx, Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities (11.04.2007)
 Cold z3ro, Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities (11.04.2007)
 john_(at)_martinelli.com, CodeBreak (codebreak.php process_method) - Remote File Inclusion Vulnerability (11.04.2007)
 Aesthetico, [MajorSecurity Advisory #43]Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue (11.04.2007)
 omnipresent_(at)_email.it, pL-PHP beta 0.9 - Multiple Vulnerabilities (11.04.2007)
 Jon Oberheide, [Full-disclosure] Cosign SSO Authentication Bypass (11.04.2007)
 asdasd asdsadas, nEw Bug :D (11.04.2007)
 zeus olimpusklan, [Full-disclosure] com_zoom2 Mambo Module Remote File Include Vulnerability (11.04.2007)
 Patrick Webster, webMethods Glue Management Console Directory Traversal (11.04.2007)
 Alexander Klink, [Full-disclosure] DropAFew - SQL injection and authorization issues (11.04.2007)
Files: PunBB <= 1.2.14 Remote Code Execution Exploit
 PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] Local File Inclusion Exploit
 InoutMailingListManager <= 3.1 Command Execution Exploit + Login Retrieve + Advisory
 phpMyNewsletter <= 0.8 (beta5) Multiple Vuln Exploit

Unauthorized access to voice mail in many systems
Published: 11 April 2007
Source:
SecurityVulns ID: 7565
Type: remote
Severity: 5/10
Description: Caller ID (CNID), which can be spoofed, is used for identification.
CVE: CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).)
 CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).)
 CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).)
 CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID).)

DoS against IBM Tivoli Provisioning Manager for OS Deployment
Published: 11 April 2007
Source:
SecurityVulns ID: 7566
Type: remote
Severity: 5/10
Description: Incorrect parsing of multipart/form-data in HTTP POST requests on ports TCP/8080 and TCP/443.
Affected products: IBM : Tivoli Provisioning Manager for OS Deployment 5.1
CVE: CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log.)
 CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.)

DoS against PulseAudio
Published: 11 April 2007
Source:
SecurityVulns ID: 7567
Type: remote
Severity: 5/10
Description: Incorrect use of assert(), including on receipt of an empty request.
Affected products: PULSEAUDIO : PulseAudio 0.9
CVE: CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.)
Original text: Luigi Auriemma, Pulseaudio 0.9.5 (rev 1437) termination (11.04.2007)
Files: Exploits Pulseaudio <= 0.9.5 (rev 1437) termination

DoS via drmgr in IBM AIX
Published: 11 April 2007
Source:
SecurityVulns ID: 7568
Type: local
Severity: 5/10
Affected products: IBM : AIX 5.3
CVE: CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name.)

DoS against the alpha version of Mozilla Grand Paradiso
Published: 11 April 2007
Source:
SecurityVulns ID: 7569
Type: client
Severity: 3/10
Description: Crash on a large number of accesses to non-existent applets.
Files: Mozilla Grand Paradiso crash PoC

DoS against Half-Life
Updated since 22 April 2003
Published: 11 April 2007
Source:
SecurityVulns ID: 2757
Type: remote
Severity: 5/10
Description: A malformed packet crashes the server.
Affected products: VALVE : hlds 3.1
 VALVESOFTWARE : Half-Life 3.1
Original text: Luigi Auriemma, Details about the hlfreeze/hl-headnut/csdos bugs (11.04.2007)
 SECURITEAM, [EXPL] Half-Life Exploit Code Released (Malformed Packet) (22.04.2003)
Files: Denial-of-service exploit against half-life-servers
 Exploits Half-Life fake players bug (no auth)
 Exploits Half-Life engine remote server/client crash

Daily digest of Web application bugs (PHP, ASP, JSP, CGI, Perl)
Updated since 11 April 2007
Published: 12 April 2007
Source:
SecurityVulns ID: 7570
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leaks, etc.
Affected products: WEBSPELL : Webspell 4.01
 WITSHARE : witshare 0.9
 SCORPBOOK : Scorp Book 1.0
 HGB : HIOX GUEST BOOK 4.0
 PHP121 : PHP121 Instant Messenger 2.2
 PCPSYSTEM : PcP-Guestbook 3.0
 BATTLENET : Battle.net Clan Script 1.5
 SMOD : SmodBIP 1.06
 SMOD : SmodCMS 2.10
 BERYO : Beryo 2.0
 CATTADOC : cattaDoc 2.21
 XOOPS : Jobs 2.4 module for Xoops
 XOOPS : WF-Links 1.03 module for Xoops
 SCARADCONTROL : ScarAdController 1.1
 DANIELNABER : LanguageTool 0.8
 ICHITARO : Ichitaro 2007
 TRUZONE : Tru-Zone Nuke ET 3.4
 ECARDMAX : eCardMAX HotEditor 4.0
 TOENDACMS : toendaCMS 1.5
 PHPWIKI : Phpwiki 1.3
CVE: CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.)
 CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.)
 CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.)
 CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog allows remote attackers to inject arbitrary web script or HTML via the id parameter.)
 CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.)
 CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java.)
 CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact, possibly cross-site scripting (XSS), via unspecified vectors in a document distributed through e-mail or a web site.)
 CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter.)
 CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function.)
 CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.)
 CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter.)
 CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter.)
 CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.)
 CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter.)
 CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter.)
 CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.)
 CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php.)
 CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter.)
 CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.)
 CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.)
 CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.)
 CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.)
Original text: Hanno Bock, CVE-2007-1871: Cross site scripting in chcounter 3.1.3 (12.04.2007)
 jd2k2000_(at)_hotmail.com, E107 - (v0.7.8) Access Escalation Vulnerbility - PoC (12.04.2007)
 rurban_(at)_x-ray.at, Critical phpwiki c99shell exploit (12.04.2007)
 Hanno Bock, CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3 (12.04.2007)
 Trex, WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability (12.04.2007)
 GolD_M, cattaDoc 2.21 (download2.php fn1) Remote File Disclosure Vulnerability (12.04.2007)
 GolD_M, Beryo 2.0 (downloadpic.php chemin) Remote File Disclosure Vulnerability (12.04.2007)
 the_3dit0r_(at)_yahoo.com, MyBlog: PHP and MySQL Blog/CMS software Remote File Include Vulnerabilitiy (11.04.2007)
 the_3dit0r_(at)_yahoo.com, witshare 0.9 Local File Include Vulnerabilitiy (11.04.2007)
 h a c k e r _ X, Battle.net Clan Script for PHP 1.5.1 Remote SQL Injection Vulnerability (11.04.2007)
 Dj7xpl, PcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities (11.04.2007)
 Dj7xpl, PHP121 Instant Messenger 2.2 Local File Inclusion Vulnerability (11.04.2007)
 Dj7xpl, HIOX GUEST BOOK (HGB) 4.0 Remote Code Execution Vulnerability (11.04.2007)
Files: Scorp Book <== v1.0 (smilies.php) Remote File Include Exploit
 ScarNews (sn_admin_dir) Local File Inclusion Exploit
 SmodCMS <= 2.10 (Slownik ssid) Remote SQL Injection Exploit
 SmodBIP <= 1.06 (aktualnosci zoom) Remote SQL Injection Exploit
 XOOPS Module Jobs <= 2.4 (cid) Remote BLIND SQL Injection Exploit
 XOOPS Module WF-Links <= 1.03 (cid) Remote BLIND SQL Injection Exploit
 E107 - (v0.7.8) Access Escalation Vulnerbility - PoC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod