Computer Security
[EN] no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:7013
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:YALD : Yet Another Link Directory 1.0
 FIXNCHIPSIT : Fix & Chips CMS 1.0
CVE:CVE-2007-0152 (OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.)
 CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.)
 CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.)
 CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.)
Original documentdocumentIbnuSina, shopstorenow (orange.asp) sql injection (07.01.2007)
 documentluny_(at), Fix & Chips CMS v1.0 (07.01.2007)
 documentluny_(at), Yet Another Link Directory v1.0 (07.01.2007)
 documentAdvisory_(at), ohhASP Remote Password Disclosure (07.01.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod