Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.02.2007
Source:
SecurityVulns ID: 7172
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: UAPPLICATIONS : Ublog Reload 1.0
 BUGZILLA : Bugzilla 2.20
 BUGZILLA : Bugzilla 2.22
 BUGZILLA : Bugzilla 2.23
 WEBBUILDER : WebBuilder 2.0
 EPISTEMON : Epistemon 1.0
CVE: CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp.)
 CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.)
 CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.)
 CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.)
Original documents: Hackers Center Security Group, Ublog Reload Admin Panel Multiple HTML Injections (04.02.2007)
 BUGZILLA, Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3 (04.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod