Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 08.01.2007
Source:
SecurityVulns ID: 7017
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ALLMYGUESTS : AllMyGuests 3.0
 L2J : L2J Statistik Script 0.09
 ALLMYLINKS : AllMyLinks 0.5
 ALLMYVISITORS : AllMyVisitors 0.4
CVE: CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.)
 CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.)
 CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.)
 CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.)
Original document: bd0rk_(at)_hackermail.com, AllMyVisitors 0.4.0 File Inclusion Vulnerability (08.01.2007)
 GolD_M, AllMyLinks <= 0.5.0 (index.php) Remote File Include Vulnerability: (08.01.2007)
 beks, AllMyGuests 3.0 Remote File Inclusion Vulnerability (08.01.2007)
Files: L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod