Computer Security
[EN] securityvulns.ru
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.12.2009
Source:
SecurityVulns ID: 10485
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
 DVBBS : Dvbbs 7.1
 SIMPLEPHPBLOG : Simple PHP Blog 0.5
 PHPCALENDAR : PHP-Calendar 1.1
 GANETI : Ganeti 1.2
 GANETI : Ganeti 2.0
 GANETI : Ganeti 2.1
 SIMPLEMACHINES : Simple Machines Forum 1.1
 PHPPOLLSCRIPT : phpPollScript 1.3
CVE:
 CVE-2009-4261 (Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors.")
 CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.)
Original documents:
 admin_(at)_ekin0x.com, phpPollScript - 1.3 Remote File Include (21.12.2009)
 irancrash_(at)_gmail.com, SMF (Simple Machine Forum) 1.1.11 XSS - Discovered by: Khashayar Fereidani (21.12.2009)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] PHP-Calendar <= v1.1 'configfile' Remote and Local File Inclusion vulnerability (21.12.2009)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Simple PHP Blog <= 0.5.1 Local File Include vulnerability (21.12.2009)
 macaco-listo_(at)_hotmail.com, Re: Powered By Dvbbs Version 7.1.0 Sp1 By Pass (21.12.2009)
 hadikiamarsi_(at)_hotmail.com, Rumba XML XSS vulnerability (21.12.2009)
 Andrea Barisani, [oCERT-2009-019] Ganeti path sanitization errors (21.12.2009)
Files: Simple PHP Blog <= 0.5.1 Local File Include Exploit
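Both CVE descriptions above come down to the same defect: a user-supplied file or script name is passed to an include or exec after a "sanitization" that does not cover absolute paths, doubled traversal sequences or stream-wrapper URLs. The following Python is an added example written for this digest; it is not code from PHP-Calendar, Ganeti or any of the advisories listed, and the directory names and attacker inputs in it are constructed for illustration. It places a naive strip-based filter next to a resolver that confines the name to one directory, so the reader can see which of the CVE-style inputs each one lets through. Python is used because Ganeti is written in Python; the same rules apply to the configfile parameter reaching a PHP include().

```python
import os
import re
from urllib.parse import urlsplit

# Hypothetical base directories standing in for the two cases in this
# advisory (constructed for illustration, not the real install paths):
# PHP-Calendar's config directory and Ganeti's iallocator script directory.
CALENDAR_CONFIG_DIR = "/var/www/php-calendar/config"
IALLOCATOR_DIR = "/usr/lib/ganeti/iallocators"

# Constructed attacker inputs modelled on the CVE descriptions above.
SAMPLE_INPUTS = [
    "config.php",                               # legitimate relative name
    "hail",                                     # legitimate allocator name
    "../../../../etc/passwd",                   # plain relative traversal
    "....//....//etc/passwd",                   # traversal that survives naive stripping
    "/etc/passwd",                              # absolute path (CVE-2009-3702)
    "ftp://attacker.example/shell.php",         # PHP stream wrapper -> remote include
    "ssh2.sftp://attacker.example/shell.php",   # another wrapper named in the CVE
    "\\\\attacker.example\\share\\shell.php",   # UNC share on Windows hosts
    "/tmp/evil-allocator",                      # absolute script name (CVE-2009-4261)
]


def naive_sanitize(name):
    """A 'path sanitization' of the kind that fails here: it strips the
    literal sequence '../' and nothing else. Absolute paths, URL wrappers
    and doubled sequences ('....//') all pass straight through."""
    return name.replace("../", "")


def resolve_under(base, name):
    """Return the resolved absolute path of `name` inside directory `base`,
    or None if `name` is not a single plain file name that stays in `base`.

    Rejects, in order: empty or whitespace-padded names; anything carrying a
    URL scheme (ftp://, ssh2.sftp://, php://, drive letters); UNC or
    protocol-relative prefixes; absolute paths and backslashes; any
    character outside [A-Za-z0-9._-] (so '/' and a leading '.' never get
    through); and finally any result whose real path lies outside `base`
    (a symlink inside `base` pointing elsewhere).
    """
    if not name or name != name.strip():
        return None
    if urlsplit(name).scheme:
        return None
    if name.startswith(("\\\\", "//")):
        return None
    if os.path.isabs(name) or "\\" in name:
        return None
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]*", name):
        return None
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, name))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def is_safe(base, name):
    """Boolean form of resolve_under() for callers that only need a verdict."""
    return resolve_under(base, name) is not None


def compare(base, names=SAMPLE_INPUTS):
    """For each input, pair what the naive filter would hand to include()
    or exec() with the hardened resolver's verdict (path or None)."""
    return {n: (naive_sanitize(n), resolve_under(base, n)) for n in names}


if __name__ == "__main__":
    for name, (naive, hardened) in compare(CALENDAR_CONFIG_DIR).items():
        verdict = hardened if hardened else "REJECTED"
        print(f"{name!r:45} naive->{naive!r:38} hardened->{verdict}")
```

Of the nine sample inputs only the two plain names are accepted by resolve_under(); every CVE-style input is rejected before it reaches the filesystem. The naive filter, by contrast, returns the absolute path and the wrapper URLs unchanged and turns "....//....//etc/passwd" into "../../etc/passwd", which is exactly why a deny-list on "../" is not a path sanitizer. The allow-list regex is the part doing the real work; the realpath/commonpath check only closes the symlink case.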
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod