lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <43035CBB.3030405@beccati.com>
Date: Wed, 17 Aug 2005 17:50:19 +0200
From: Matteo Beccati <matteo@...cati.com>
To: bugtraq@...urityfocus.com, phpsec@...arch.com
Subject: [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple
 vulnerabilities


========================================================================
phpAdsNew / phpPgAds security advisory             PHPADSNEW-SA-2005-001
------------------------------------------------------------------------
Advisory ID:           PHPADSNEW-SA-2005-001
Date:                  2005-Aug-17
Security risk:         highly critical
Applications affetced: phpAdsNew, phpPgAds
Versions affected:     <= 2.0.5
Versions not affected: >= 2.0.6
========================================================================


========================================================================
Vulnerability 1:  arbitrary PHP code execution
------------------------------------------------------------------------
Impact:           system access
Where:            from remote
========================================================================

Description
-----------
Stefan Esser of the Hardened-PHP Project reported a serious
vulnerablility in the third-party XML-RPC library included with
phpAdsNew and phpPgAds. An attacker could execute arbitrary PHP code on
a vulnerable site.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.hardened-php.net/advisory_152005.67.html


========================================================================
Vulnerability 2:  local file inclusion
------------------------------------------------------------------------
Impact:           system access
Where:            from remote
========================================================================

Description
-----------
Maksymilian Arciemowicz of the securityreason.com team reported a local
file inclusion vulnerablility in phpAdsNew and phpPgAds, caused by
missing sanitization of a GET variable.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
[phpAdsNew 2.0.5 Local file inclusion cXIb8O3.16]
http://www.securityreason.com/


========================================================================
Vulnerability 3:  SQL injection
------------------------------------------------------------------------
Impact:           application admin access (+ potential system access)
Where:            from remote
========================================================================

Description
-----------
Pine Digital Security reported an SQL injection vulnerablility in
phpAdsNew and phpPgAds, caused by missing sanitization of the clientid
GET variable. The vulnerability seems to be exploitable with MySQL 4.1+
or PostgreSQL to obtain administrator access to the application.
Depending on the database user permissions, an attacker could also gain
access to the local filesystem.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.pine.nl/




Contact informations
====================

The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>



Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ