Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.03.2007
Source:
SecurityVulns ID: 7391
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ASSETMAN : AssetMan 2.4
 MOODLE : Moodle 1.7
 CLIPSHARE : ClipShare 1.5
 FLATCHAT : Flat Chat 2.0
 MAGICCMS : Magic CMS 4.2
CVE: CVE-2007-1456 (** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not contain this file. However, it is possible that the original researcher was referring to a different product.)
 CVE-2007-1430 (PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter.)
 CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php.)
 CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.)
 CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.)
Original document: z3r0 z3r0.2.z3r0, Fantastico In all Version Cpanel 10.x <= local File Include (12.03.2007)
 BorN To K!LL BorN To K!LL, AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability (12.03.2007)
 zeus olimpusklan, [Full-disclosure] TinyMCE_exp Remote File Include Vulnerability (12.03.2007)
 Hackers Center Security Group, Wiki Remote Authentication Bypass Vulnerability (12.03.2007)
 RaeD Hasadya, Remote File Include In ClipShare.v1.5.3 (12.03.2007)
 RaeD Hasadya, Remote File Include In Script moodle-1.7.1 (12.03.2007)
 RaeD Hasadya, Remote File Include In Script PHP Photo Album (12.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod