Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 03.02.2007
Source:
SecurityVulns ID: 7161
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: FLIPPERPOLL : Flipper Poll 1.1
KGB : KGB 1.9
PHOTOGALERIE : Photo Galerie Standard 1.1
DBMASTERS : dB Masters' Curium CMS 1.03
COD2DREAMSTATS : CoD2: DreamStats 4.2
EQDKP : eqDKP 1.3
F3SITE : F3Site 2.1
EZCONVERT : phpBB ezBoard converter 0.2
PHPBBPP : phpBB++ 100
CVE: CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.)
CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.)
CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.)
CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.)
CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.)
CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.)
CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.)

Original document cw.cybersecurity_(at)_gmail.com, Flipper Poll v1.1.0 (poll.php) remote file include vuln (03.02.2007)

eight10_(at)_gmail.com, EQdkp <= 1.3.1 Referer Spoof to access to SQL Database (03.02.2007)

ThE dE@Th, CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability (03.02.2007)

document ajannhwt_(at)_hotmail.com, Photo Galerie Standard <= 1.1 (view.php) Remote SQL Injection Vulnerability (03.02.2007)

ajannhwt_(at)_hotmail.com, dB Masters' Curium CMS <= 1.03(c_id) Remote Blind SQL Injection Vulnerability (03.02.2007)

Files: F3Site <= 2.1 Remote Code Execution Exploit
phpBB++ (phpbb_root_path) Remote File Include Exploit
KGB <= 1.9 Remote Code Execution Exploit
ezConvert: phpBB ezBoard converter v0.2 (ezconvert_dir) Remote File Include Exploit
Discuss: Read or add your comments to this news (0 comments)

test server