Очередные ошибки PHP, ASP, CGI дополнено с 21 февраля 2005 г.
Опубликовано:		27 февраля 2005 г.
Источник:
SecurityVulns ID:		4510
Тип:		удаленная
Опасность:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг и т.д.

Затронутые продукты:		PHPBB : phpBB 2.0
		VBULLETIN : vBulletin 3.0
		PHPNUKE : PHP-Nuke 7.4
		MEDIAWIKI : MediaWiki 1.3
		PHPMYADMIN : phpMyAdmin 2.6
		MAMBO : Mambo 4.5
		PANEWS : paNews 2.0
		WEBCONNECT : WebConnect 6.4
		WEBCONNECT : WebConnect 6.5
		INL : Ulog-php 1.0
		IRM : IRM 1.5
		VERITY : Ultraseek 5.3
		IGENERIC : iGeneric eShop 1.2
		PBLANG : PBLang 4.65
		CYCLADES : AlterPath Manager 1.2
		GINP : ginp 0.21
		CHATANYWHERE : Chat Anywhere 2.72
		PUNBB : PunBB 1.2
		PHPWEBSITE : phpWebSite 0.10
		TWIKI : ImageGalleryPlugin 1.0

Оригинальный текст		HaCkZaTaN, -==phpBB 2.0.12 Full path disclosure==- (27.02.2005)
		kreon, PHP-Nuke 7.4 WebLinks SQL-Injection (27.02.2005)
		SECUNIA, [SA14384] TWiki ImageGalleryPlugin Shell Command Injection (25.02.2005)
		HaCkZaTaN, phpWebSite 0.10.0 Full Path disclosure (25.02.2005)
		John Gumbel, Multiple vulns in punBB (25.02.2005)
		Maksymilian Arciemowicz, [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 (25.02.2005)
		tjomka_(at)_navigator.lv, phpWebSite-0.10.0_exploit (25.02.2005)
		tjomka_(at)_navigator.lv, phpWebSite-0.10.0 эксплоит (25.02.2005)
		SECUNIA, [SA14382] phpMyAdmin Local File Inclusion and Cross-Site Scripting (24.02.2005)
		SECUNIA, [SA14385] Chat Anywhere User Credentials Disclosure (24.02.2005)
		SECUNIA, [SA14373] ginp Directory Traversal Vulnerability (24.02.2005)
		sullo, [Full-Disclosure] Cyclades AlterPath Manager Vulnerabilities (24.02.2005)
		Raven, Software PBLang 4.65 pm.php XSS vulnerability (24.02.2005)
		Raven, Software PBLang 4.65 pmpshow.php XSS vulnerability (24.02.2005)
		Raven, Software PBLang 4.65 search.php XSS vulnerability (24.02.2005)
		IDEFENSE, iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB2 Arbitrary File Unlink Vulnerability (24.02.2005)
		pokleyzz, [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection (24.02.2005)
		John Cobb, [NOBYTES.COM: #5] iGeneric eShop 1.2 - Information Disclosure & Possible SQL Injection (24.02.2005)
		IDEFENSE, iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB Arbitrary File Disclosure Vulnerability (24.02.2005)
		matrix_killer ma3x, PHPBB 2.0.12 bug (24.02.2005)
		SECUNIA, [SA14367] Verity Ultraseek Search Request Cross-Site Scripting (22.02.2005)
		pokleyzz, [Full-Disclosure] : [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection (22.02.2005)
		SECUNIA, [SA14360] MediaWiki Multiple Vulnerabilities (22.02.2005)
		SECUNIA, [SA14362] phpBB Avatar Functions Information Disclosure and Deletion (22.02.2005)
		SECUNIA, [SA14342] IRM LDAP Login Security Bypass Vulnerability (22.02.2005)
		SECUNIA, [SA14337] Mambo "GLOBALS['mosConfig_absolute_path']" File Inclusion (22.02.2005)
		SECUNIA, [SA14321] Ulog-php SQL Injection Vulnerabilities (22.02.2005)
		CIRT Advisory, [Full-Disclosure] The WebConnect 6.4.4 and 6.5 contains several vulnerabilities (21.02.2005)
		tjomka_(at)_navigator.lv, paNews v2.0b4 - PHP Injection (21.02.2005)

Файлы:		phpWebSite-0.10.0 exploit
Обсудить:		Прочитать или оставить комментарии к новости (0 комментариев)