| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Aug 2005 17:50:19 +0200 From: Matteo Beccati <matteo@...cati.com> To: bugtraq@...urityfocus.com, phpsec@...arch.com Subject: [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities ======================================================================== phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-001 ------------------------------------------------------------------------ Advisory ID: PHPADSNEW-SA-2005-001 Date: 2005-Aug-17 Security risk: highly critical Applications affetced: phpAdsNew, phpPgAds Versions affected: <= 2.0.5 Versions not affected: >= 2.0.6 ======================================================================== ======================================================================== Vulnerability 1: arbitrary PHP code execution ------------------------------------------------------------------------ Impact: system access Where: from remote ======================================================================== Description ----------- Stefan Esser of the Hardened-PHP Project reported a serious vulnerablility in the third-party XML-RPC library included with phpAdsNew and phpPgAds. An attacker could execute arbitrary PHP code on a vulnerable site. Solution -------- - Upgrade to phpAdsNew or phpPgAds 2.0.6. References ---------- http://www.hardened-php.net/advisory_152005.67.html ======================================================================== Vulnerability 2: local file inclusion ------------------------------------------------------------------------ Impact: system access Where: from remote ======================================================================== Description ----------- Maksymilian Arciemowicz of the securityreason.com team reported a local file inclusion vulnerablility in phpAdsNew and phpPgAds, caused by missing sanitization of a GET variable. Solution -------- - Upgrade to phpAdsNew or phpPgAds 2.0.6. References ---------- [phpAdsNew 2.0.5 Local file inclusion cXIb8O3.16] http://www.securityreason.com/ ======================================================================== Vulnerability 3: SQL injection ------------------------------------------------------------------------ Impact: application admin access (+ potential system access) Where: from remote ======================================================================== Description ----------- Pine Digital Security reported an SQL injection vulnerablility in phpAdsNew and phpPgAds, caused by missing sanitization of the clientid GET variable. The vulnerability seems to be exploitable with MySQL 4.1+ or PostgreSQL to obtain administrator access to the application. Depending on the database user permissions, an attacker could also gain access to the local filesystem. Solution -------- - Upgrade to phpAdsNew or phpPgAds 2.0.6. References ---------- http://www.pine.nl/ Contact informations ==================== The security contact for phpAdsNew and phpPgAds can be reached at: <security AT phpadsnew DOT com> Best regards -- Matteo Beccati http://phpadsnew.com/ http://phppgads.com/
Powered by blists - more mailing lists