Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:03.04.2007
Source:
SecurityVulns ID:7522
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:2BGAL : 2BGal 3.1
 DIRECTADMIN : DirectAdmin 1.29
 MAPTOOLS : MapLab 2.2
 LAM : LDAP Account Manager 1.2
 HOLA : holaCMS 1.4
 MYBB : MyBulletinBoard 1.2
CVE:CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.)
 CVE-2007-1852 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used.)
 CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in MapLab 2.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gszAppPath parameter.)
 CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).)
 CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.)
Original documentdocumentSecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #37]HolaCMS - Cross Site Scripting Issue (03.04.2007)
 documentmufti.rizal_(at)_gmail.com, Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability (03.04.2007)
 documentKanedaaa Bohater, DirectAdmin persistant XSS [takeover an Administrator`s account] (03.04.2007)
 documentBorN To K!LL BorN To K!LL, 2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability (03.04.2007)
Files:MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod