Warning: phpPgAdmin included-file arbitrary command execution vulnerability
yrs 2001-07-12 01:07:15 quoted from http://www.softhouse.com.cn/docs/southpark1545.html
phpPgAdmin included-file arbitrary command execution vulnerability (2001-7-11)
Name: phpPgAdmin Included File Arbitrary Command Execution Vulnerability
Type: Input validation error
Target file: sql.php (exec)
Published: 2001-7-11
Affected systems: phpPgAdmin phpPgAdmin 2.2.1pl1
- Sun Solaris 8.0_x86
- Sun Solaris 8.0
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
phpPgAdmin phpPgAdmin 2.2.1
phpPgAdmin phpPgAdmin 2.2
Not affected: phpPgAdmin phpPgAdmin 2.3
Description: phpPgAdmin is a free PHP-based package that provides a graphical interface for PostgreSQL database administration.
Because sql.php does not sufficiently validate user input, an attacker may be able to make the script include an arbitrary file, which can lead to disclosure of sensitive system information or execution of arbitrary commands.
Solution: Upgrade to a newer version; download locations:
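To illustrate the class of defect the advisory describes, here is an added PHP example (not phpPgAdmin's own code; the parameter name `page` and the file names are assumptions) showing an include driven by raw request input beside a hardened allow-list version, plus a check of the php.ini settings that govern remote includes in modern PHP:

```php
<?php
// Illustrative only: NOT phpPgAdmin's code. The "page" parameter and the
// file names below are assumptions chosen for the example.

// Weak pattern: the include path is built directly from request input, so
// whoever controls the parameter controls which file the interpreter loads.
function include_page_unsafe(string $page): void
{
    include $page . '.php';
}

// Hardened pattern: map the request value onto a fixed allow-list of known
// files and refuse anything else. No path is ever concatenated from input.
const ALLOWED_PAGES = [
    'tables' => __DIR__ . '/tables.php',
    'sql'    => __DIR__ . '/sql.php',
];

function resolve_page(string $page): ?string
{
    // Exact-match lookup; returns null for unknown keys instead of guessing.
    return ALLOWED_PAGES[$page] ?? null;
}

function include_page_safe(string $page): void
{
    $path = resolve_page($page);
    if ($path === null) {
        http_response_code(400);
        exit('invalid page');
    }
    include $path;
}

// Configuration check (modern PHP): with allow_url_include and allow_url_fopen
// both off, include() cannot pull a file over HTTP/FTP even if the path is
// attacker-controlled, which limits the impact of an unfixed include bug.
function remote_include_disabled(): bool
{
    return !filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)
        && !filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN);
}

include_page_safe($_GET['page'] ?? 'tables');
```

The allow-list lookup is the actual fix; the ini check is defence in depth and does not stop inclusion of local files.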
phpPgAdmin phpPgAdmin 2.2.1pl1:
phpPgAdmin upgrade phpPgAdmin_2-3.tar.gz
ftp://ftp.greatbridge.org/pub/phppgadmin/stable/phpPgAdmin_2-3.tar.gz
Secure Reality patch 2.2.1 phpPgAdmin-SecureReality.diff
http://www.securereality.com.au/patches/phpPgAdmin-SecureReality.diff
phpPgAdmin phpPgAdmin 2.2.1:
phpPgAdmin upgrade phpPgAdmin_2-3.tar.gz
ftp://ftp.greatbridge.org/pub/phppgadmin/stable/phpPgAdmin_2-3.tar.gz
Secure Reality patch 2.2.1 phpPgAdmin-SecureReality.diff
http://www.securereality.com.au/patches/phpPgAdmin-SecureReality.diff
phpPgAdmin phpPgAdmin 2.2:
phpPgAdmin upgrade phpPgAdmin_2-3.tar.gz
ftp://ftp.greatbridge.org/pub/phppgadmin/stable/phpPgAdmin_2-3.tar.gz
Secure Reality patch 2.2.1 phpPgAdmin-SecureReality.diff
http://www.securereality.com.au/patches/phpPgAdmin-SecureReality.diff