Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.03.2007
Published: 05.03.2007
Source:
SecurityVulns ID: 7347
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
 UPLOADSCRIPT : UploadScript 1.02
 WORDPRESS : WordPress 2.1
 RRDBROWSE : rrdbrowse 1.6
 EPORTFOLIO : ePortfolio 1.0
 SAVASPLACE : Sava's GuestBook 23.11.2006
 LISCRIPTS : LI-Guestbook 1.1
 VCARD : vCard 2.6
CVE:
 CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.)
 CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.)
 CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.)
 CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.)
 CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.)
Original documents:
 ciri_(at)_virtuax.be, Wordpress <= v2.1.0 (05.03.2007)
 RaeD Hasadya, XSS Remote In vCard 2.6 (c)2002 (05.03.2007)
 Sebastian Wolfgarten, Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6 (05.03.2007)
 bugtraq_(at)_belsec.com, LI-Guestbook SQL Injection Vulnerability (05.03.2007)
 bugtraq_(at)_belsec.com, Sava's GuestBook Multiple Vulnerabilities (05.03.2007)
 RaeD Hasadya, XXS in script Phorum (05.03.2007)
 RaeD Hasadya, Show Password Admin In Script Uploadscript (05.03.2007)
 Stefan Friedli, ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities (05.03.2007)
 Sebastian Wolfgarten, [Full-disclosure] Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6 (05.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod