Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		16.02.2007
Source:
SecurityVulns ID:		7252
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		WORDPRESS : WordPress 2.0
		CEDSTAT : CedStat 1.31
		TURUNCU : Turuncu Portal 1.0
		MEGANOIDE : Meganoide's news 1.1
CVE:		CVE-2007-1057:TheNetDirect
		CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt.)
		CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js.")
		CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.)
		CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
		CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.)

Original document		k4rtal_(at)_gmail.com, Meganoide's news v1.1.1 < = RFi Vulnerabilities (16.02.2007)
		sn0oPy.team_(at)_gmail.com, Dem_trac acces to log file wihtout authentification (16.02.2007)
		chernobiLe, Turuncu Portal v1.0 == SQL Injection Vulnerability (16.02.2007)
		sn0oPy.team_(at)_gmail.com, CedStat v1.31 XSS (16.02.2007)
		MustLive, Vulnerabilities в WordPress 2.0 (16.02.2007)

Discuss:

Read or add your comments to this news (0 comments)