Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 06.03.2007
Source:
SecurityVulns ID: 7350
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SQLLEDGER : SQL-Ledger 2.6
 LEDGERSMB : LedgerSMB 1.1
 RPS : Rigter Portal System 6.2
 WEBMIN : Webmin 1.320
 MONITORLINE : Links Management Application 1.0
CVE: CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.)
 CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.)
 CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.)
Original document: Chris Travers, DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25 (06.03.2007)
Files: Links Management Application V1.0 (lcnt) Remote BLIND SQL Injection Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod