Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.02.2007
Published:		21.02.2007
Source:
SecurityVulns ID:		7271
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		NABOCORP : Nabopoll 1.2
		PHPXMMS : phpXmms 1.0
		PHPNUKE : PHP-Nuke 8.0
		CALLCENTERSOFTWA : Call Center Software 0.93
		DRUPAL : getID3 1.7
		DRUPAL : Secure site 4.7 Drupal module
		PHPMYFAQ : phpmyfaq 1.6
		DRUPAL : Image Pager 4.7 Drupal module
CVE:		CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.)
		CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.)
		CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).)
		CVE-2007-1053 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php.)
		CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.)
		CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL.)
		CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server.")
		CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element.)

Original document		CorryL, [Full-disclosure] Call Center Software - Remote Xss Post Exploit - (21.02.2007)
		krasza_(at)_gmail.com, [Full-disclosure] Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final (21.02.2007)
		s0cratex_(at)_hotmail.com, Nabopoll Blind SQL Injection vulnerabilies (21.02.2007)
		crazy_king_(at)_eno7.org, AdMentor Script Remote SQL injection Exploit (21.02.2007)
		ilkerKandemir_(at)_mynet.com, phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities (21.02.2007)

Files:		Nabopoll SQL Injection -- Proof of Concept Exploit
		Call Center Software - Remote Xss Post Exploit
		0day exploit for PHP-nuke <=8.0 Final Blind sql injection attack in INSERT syntax version for mysql >= 4.0.24, using 'brute force'
		0day exploit for PHP-nuke <=8.0 Final Blind sql injection attack in INSERT syntax version for every base(PostgreSQL,mssql...) except MySQL base
		0day exploit for PHP-nuke <=8.0 Final Blind sql injection attack in INSERT syntax version, when 'HTTP Referers' block is on
Discuss:		Read or add your comments to this news (0 comments)