Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 12 February 2007
Source:
SecurityVulns ID:7212
Type: remote
Severity:
5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: PHPPOLLS : phpPolls 1.0
 MEDIAWIKI : MediaWiki 1.9
 BTITEAM : BtitTracker 1.4
 PRB : php rrd browser 0.2
 PHPMYVISITIES : phpMyVisites 2.2
 KILLERVAULT : KvGuestbook 1.0
CVE:CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.)
 CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables.)
 CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764.)
 CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.)
 CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.)
 CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".)
 CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.)
 CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750.)
 CVE-2006-4750 (PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter.)
Original text: x0r0n_(at)_hotmail.com, Philboard (id) Remote SQL Injection (12.02.2007)
 y3dips, [ECHO_ADV_64$2007] Openi CMS plugins (site protection) remote file inclusion (12.02.2007)
 crazy_king_(at)_eno7.org, KvGuestbook Remote Add Admin Exploit (12.02.2007)
 raphael.huck_(at)_free.fr, MediaWiki Full Path Disclosure Vulnerability (12.02.2007)
 sn0oPy.team_(at)_gmail.com, phpPolls 1.0.3 (acces to sensitive file) (12.02.2007)
 beNi, [Full-disclosure] different Wordpress Vulnerabilities (12.02.2007)
 nicob_(at)_nicob.net, [Full-disclosure] Multiple vulnerabilities in phpMyVisites (12.02.2007)
 Sebastian Wolfgarten, [Full-disclosure] Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb) (12.02.2007)
 Peko Takov, BtitTracker 1.4 XSS (12.02.2007)

Directory traversal in IP3 NetAccess
Published: 12 February 2007
Source:
SecurityVulns ID:7213
Type: remote
Severity:
5/10
Description: Directory traversal in the built-in Web server.
Affected products: IP3 : NetAccess 4.1
CVE:CVE-2007-0883 (Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.)
Original text: Sebastian Wolfgarten, [Full-disclosure] Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6 (12.02.2007)

User input hijacking in Microsoft Internet Explorer / Mozilla Firefox
Published: 12 February 2007
Source:
SecurityVulns ID:7214
Type: client
Severity:
5/10
Description: Input focus can be hijacked using the OnKeyDown / OnKeyPress events.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
CVE:CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2, and Netscape 8.1 and earlier allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.)
Original text: Michal Zalewski, [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification (12.02.2007)
 Michal Zalewski, [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers) (12.02.2007)

Buffer overflow in µTorrent
Published: 12 February 2007
Source:
SecurityVulns ID:7215
Type: client
Severity:
6/10
Description: Buffer overflow when parsing the announce section of a .torrent file.
Affected products: UTORRENT : µTorrent 1.6
CVE:CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.)
Files: PoC remote exploit for uTorrent 1.6

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod