|
PHP, ASP, CGI web applications security vulnerabilities
updated since 20.06.2005 | | Published: |  | 25.06.2005 | | Source: |  | | | SecurityVulns ID: |  | 4907 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, etc. |
| Affected: |  | EXTOPIA : WebStore | | | | PHPBB : phpBB 2.0 | | | | UPB : Ultimate PHP Board 1.9 | | | | MAMBOSERVER : Mambo Server 4.5 | | | | DUWARE : DUpaypal 3.0 | | | | MERCURYBOARD : MercuryBoard 1.1 | | | | CLAROLINE : Claroline 1.5 | | | | PHPNUKE : PHP-Nuke 7.6 | | | | DUWARE : DuPortal 3.4 | | | | EDGEWALL : Trac 0.8 | | | | UAPPLICATYIONS : Ublog Reload 1.0 | | | | BCP : i-Gallery 3.3 | | | | FORTIBUS : Fortibus CMS 4.0 | | | | NANOBLOGGER : NanoBlogger 3.2 | | | | CACTI : Cacti 0.8 | | | | CPANEL : cPanel 10.2 | | | | WNAILER : W-Nailer 0.34 | | | | DUWARE : DUamazon 3.1 | | | | DUWARE : DUforum 3.1 | | | | DUWARE : DUclassmate 1.2 | | | | SIMPLEMACHINES : Simple Machine Forum 1.0 | | | | FRB : Forum Russian Board 4.2 | | | | WHOISCART : Whois.Cart 2.2 | | | | UBB : UBB.threads 6.5 | | | | ACTIVEWEBSOFTWAR : ActiveBuyAndSell 6.2 | | | | LCM : Legal Case Management System 0.6 |
| Original document |  | SECUNIA, [SA15743] Legal Case Management System Log File Disclosure (25.06.2005) |
| | | JeiAr, Infopop UBB Threads Multiple Vulnerabilities (25.06.2005) |
| | | fjlj_(at)_wvi.com, PHP nuke XSS vulnerability (25.06.2005) |
| | | dedi dwianto, [ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell (25.06.2005) |
| | | SECUNIA, [SA15805] UBB.threads Multiple Vulnerabilities (24.06.2005) |
| | | SECUNIA, [SA15783] Whois.Cart Cross-Site Scripting and Local File Inclusion (24.06.2005) |
| | | dedi dwianto, [ECHO_ADV_20$2005] Full path disclosure JAF CMS (24.06.2005) |
| | | Alberto Trivero, Remote Command Execution Exploit for Cacti <= 0.8.6d (24.06.2005) |
| | | SECURITEAM, [EXPL] MercuryBoard SQL Injection (User-Agent) (23.06.2005) |
| | | SECURITEAM, [EXPL] phpBB Multiple User Registeration DoS (Exploit) (23.06.2005) |
| | | SECURITEAM, [EXPL] FRB Remote Command Execution (Exploit) (23.06.2005) |
| | | SECURITEAM, [EXPL] Simple Machine Forum SQL Injection (modify) (23.06.2005) |
| | | dedi dwianto, [ECHO_ADV_19$2005] Multiple SQL INJECTION in DUWARE Products (22.06.2005) |
| | | zodchiy, W-Nailer 0.34 (22.06.2005) |
| | | SECUNIA, [SA15770] cPanel cpsrvd.pl Cross-Site Scripting Vulnerability (22.06.2005) |
| | | IDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti Remote File Inclusion Vulnerability (22.06.2005) |
| | | IDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability (22.06.2005) |
| | | IDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities (22.06.2005) |
| | | 4yka_(at)_ghc.ru, MercuryBoard 1.1.4 SQL Injection (22.06.2005) |
| | | SECUNIA, [SA15754] NanoBlogger Plugins Shell Command Injection Vulnerability (22.06.2005) |
| | | SECUNIA, [SA15762] Fortibus CMS "username" and "ID" SQL Injection Vulnerabilities (21.06.2005) |
| | | Hat-Squad Security Team, [Hat-Squad] i-Gallery directory traversal (21.06.2005) |
| | | SECUNIA, [SA15747] Ublog Reload SQL Injection and Cross-Site Scripting (20.06.2005) |
| | | Stefan Esser, [Full-disclosure] Advisory 01/2005: Fileupload/download vulnerability in Trac (20.06.2005) |
| | | SECURITEAM, [EXPL] eXtropia WebStore Remote Command Execution (web_store.cgi) (20.06.2005) |
| | | SECURITEAM, [EXPL] Mambo Remote Password Hash Retrieval (Exploit) (20.06.2005) |
| | | SECURITEAM, [EXPL] Claroline E-Learning Application Remote SQL Injection (Exploit 2) (20.06.2005) |
| | | SECURITEAM, [EXPL] Claroline E-Learning Application Remote SQL Injection (20.06.2005) |
| | | TaskFall, phpBB 2.0.* Discloses Path (20.06.2005) |
|
|
|
|
|
