
IIS Security Report: Interesting reports for Programmers/Users (example: Perl/PHP)

Came across a few interesting tidbits in the Internet Security Systems report that I am subscribed to. If you're not already subscribed, you should be.

Quote:

Date Reported: 09/18/2002
Brief Description: HAMweather hwadmin.cgi script allows Web
administration access
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Unix Any version, HAMweather
2.x
Vulnerability: hamweather-hwadmin-web-admin
X-Force URL: http://www.iss.net/...ter/static/10182.php

Date Reported: 09/22/2002
Brief Description: phpWebSite modsecurity.php could be used to include
remote PHP files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, modsecurity.php prior to 1.11,
Unix Any version, phpWebSite Stable - 0.8.2
Vulnerability: phpwebsite-modsecurity-file-include
X-Force URL: http://www.iss.net/...ter/static/10164.php

Date Reported: 09/23/2002
Brief Description: HP VVOS Apache mod_ssl denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Apache HTTP Server Any version, HP-UX 11.04 VVOS,
HP VirtualVault 4.5, HP VirtualVault 4.6
Vulnerability: hp-vvos-modssl-dos
X-Force URL: http://www.iss.net/...ter/static/10206.php

Date Reported: 09/24/2002
Brief Description: vBulletin calendar.php could allow remote command
execution
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, vBulletin 2.2.0 and earlier
Vulnerability: vbulletin-calendar-command-execution
X-Force URL: http://www.iss.net/...ter/static/10176.php

Date Reported: 09/24/2002
Brief Description: PHP-Nuke search request cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, PHP-Nuke 6.0
Vulnerability: phpnuke-search-xss
X-Force URL: http://www.iss.net/...ter/static/10177.php

Date Reported: 09/25/2002
Brief Description: PHP-Nuke modules.php script SQL injection denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Unix Any version, PHP-Nuke 6.0 and earlier
Vulnerability: phpnuke-modules-sql-dos
X-Force URL: http://www.iss.net/...ter/static/10193.php


For info about subscribing to this list, go to:

http://www.iss.net/
========================================
Buh Bye!

Cheers,
Me
Re: [Stealth] IIS Security Report: Interesting reports for Programmers/Users (example: Perl/PHP)
And for those of us that don't want to read about our scripts on the internet, some self-help is available with RATS 2.1 (really):

Quote:


RATS, the Rough Auditing Tool for Security, is a security auditing utility for C, C++, Python, Perl and PHP code. RATS scans source code, finding potentially dangerous function calls. The goal of this project is not to definitively find bugs. The current goal is to provide a reasonable starting point for performing manual security audits. RATS is released under version 2 of the GNU Public License (GPL).


RATS is available at: http://www.securesoftware.com/rats.php
--
Rob

SW Montana's Online Community
Modular Model Railroading
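
A rough sketch of the approach the quoted RATS description names (scanning source code for potentially dangerous function calls), added here as an example; it is not RATS code and not from either poster. The rule table, the sample PHP and the high/low ranking are assumptions constructed for illustration.

```python
import re

# Hypothetical rule table for PHP, constructed for this example.
# It is NOT the RATS vulnerability database.
RULES = {
    "include": "file inclusion", "include_once": "file inclusion",
    "require": "file inclusion", "require_once": "file inclusion",
    "eval": "code evaluation",
    "system": "command execution", "exec": "command execution",
    "passthru": "command execution", "shell_exec": "command execution",
    "mysql_query": "SQL query",
}

# Longest names first so "include_once" wins over "include". The lookbehind
# skips variables ($system), methods (->exec) and longer names (my_system).
_NAMES = "|".join(sorted(RULES, key=len, reverse=True))
CALL = re.compile(r"(?<![\w$>:])(" + _NAMES + r")\b\s*\(?([^;]*);", re.I)

# Constructed sample input (not taken from any of the products listed above).
SAMPLE = r'''<?php
// include($never_run);
require_once("config.php");
include($module_path . "/security.php");
$r = mysql_query("SELECT * FROM posts WHERE id = " . $_GET["id"]);
system("ls " . $dir);
echo my_system("x");
'''

def scan(source):
    """Return (line, call, category, rank) for each flagged call.

    rank is "high" when a PHP variable appears in the arguments and "low"
    for literal-only arguments. Every hit still needs manual review.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # crude comment skip; block comments are only partly handled
        for m in CALL.finditer(line):
            name = m.group(1).lower()
            rank = "high" if "$" in m.group(2) else "low"
            findings.append((lineno, name, RULES[name], rank))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print("line %d: %s (%s) [%s]" % finding)
```

As in the RATS description, the output is a starting point for a manual audit, not a list of confirmed bugs.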