Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		09.03.2007
Source:
SecurityVulns ID:		7361
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		WORDPRESS : WordPress 2.1
		PHPNUKE : PHP-Nuke 8.0
		WEBO : Web Organizer 1.0
		PHPMYADMIN : phpMyAdmin 2.10
		DYNALIENS : dynaliens 2.1
CVE:		CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.)
		CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.)
		CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.)
		CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.)
		CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.)
		CVE-2007-1391 (PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.)
		CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.)
		CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/.)
		CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.)

Original document		RaeD Hasadya, Remote File Include In Script Coppermine Photo Gallery (09.03.2007)
		c_r_ck_(at)_hotmail.com, Lazarus Guestbook (admin.php)Remote File Include Expliot (09.03.2007)
		sn0oPy.team_(at)_gmail.com, dynaliens v2.0/v2.1 bypass admin authentification + XSS (09.03.2007)
		alfa_(at)_virtuax.be, xss in phpmyadmin >=2.8.0 and < 2.10.0 (09.03.2007)
		r00t2000_(at)_hush.com, Word Press Sensitive Directory exposure (SQL) (09.03.2007)
		RaeD Hasadya, Remote File Include In Script copyright (c) James Coyle; JCcorp (09.03.2007)
		erdc_(at)_echo.or.id, [ECHO_ADV_67$2007] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vulnerability (09.03.2007)
		RaeD Hasadya, XSS In Script deviantART (09.03.2007)
		Omid, Sql injection in WordPress 2.1.2 (09.03.2007)
		ascii, Php Nuke POST XSS on steroids (09.03.2007)

Files:		PHP-Nuke POST crossite scripting PoC
Discuss:		Read or add your comments to this news (0 comments)