Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 25.02.2007
Source:
SecurityVulns ID: 7305
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: COPPERMINE : Coppermine Photo Gallery 1.3
PHPWEBGALLERY : Phpwebgallery 1.4
MICRONETWORK : ActiveCalendar 1.2
PHOTOSTAND : Photostand 1.2
PHPBB : phpBB Extreme 3.0
CSGALLERY : CS-Gallery 2.0
PHPBB : NoMoKeTos Rules 0.0 phpBB module
SINAPIS : Sinapis Forum 2.2
SINAPIS : Sinapis Gastebuch 2.2
FCRING : FCRing 1.3
CVE: CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.)
CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.)
CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.)
CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.)
CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.)
CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.)
CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.)
CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.)
CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.)
CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.)
CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected.)
CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.)
CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.)
CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.)
CVE-2007-1106 (PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.)
CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.)
CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.)

Original document kezzap66345, Sinapis 2.2 Gastebuch (sinagb.php fuss) Remote File Include Vulnerability (25.02.2007)

kezzap66345, Sinapis Forum 2.2 (sinapis.php fuss) Remote File Include Vulnerability (25.02.2007)

kezzap66345, FCRing <= 1.31 (fcring.php s_fuss) Remote File Include Vulnerability (25.02.2007)

document Simon Bonnard, Phpwebgallery-1.4.1, Multiple Cross Site Scripting (25.02.2007)

Simon Bonnard, Photostand_1.2.0 Multiple Cross Site Scripting (25.02.2007)

Simon Bonnard, ActiveCalendar 1.2.0, Multiple vulnerabilities (25.02.2007)

laurent gaffié, pickle download local file (25.02.2007)

document laurent gaffié, Simple one-file gallery (25.02.2007)

laurent gaffié, xtcommerce local file include (25.02.2007)

laurent gaffié, shopkitplus local file include (25.02.2007)

Files: Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit
File Inclusion Exploit for CS_Gallery <= 2.0
phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit
phpBB Extreme 3.0.1 (phpbb_root_path) Remote File Include Exploit
Discuss: Read or add your comments to this news (0 comments)

test server