Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:06.02.2007
Source:
SecurityVulns ID:7188
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:UAPPLICATION : Uphotogallery 1.1
 LESNEWS : Les News 2.2
CVE:CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023.)
 CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script.)
 CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations.)
Original documentdocumentHackers Center Security Group, Uphotogallery Multiple Cross-Site Scripting Vulnerability (06.02.2007)
 documentcanberx_(at)_bsdmail.com, Mina Ajans Script Remote File Inclusion Vuln. (06.02.2007)
 documentsn0oPy.team_(at)_gmail.com, Les News v2.2 [Admin news without password] (06.02.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru