Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 15.08.2005
Published: 21.08.2005
Source:
SecurityVulns ID: 5105
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPBB : phpBB 2.0
ADVANCEDGUESTBOO : Advanced Guestbook 2.3
CUTEPHP : CuteNews 1.3
PHPMYFAQ : phpMyFAQ 1.4
MANTIS : Mantis 0.19
EGROUPWARE : eGroupWare 1.0
PHPADSNEW : phpAdsNew 2.0
PHPOPENADS : phpPgAds 2.0
PHPNUKE : PHP-Nuke 7.6
PHPWEBSITE : phpWebSite 0.10
WBB : Burning Board 2.2
WBB : Burning Board 2.3
DRUPAL : Drupal 4.5
RUNCMS : Runcms 1.1
MYBB : MyBB 1.0
DRUPAL : Drupal 4.6
APPLE : Mac OS X 10.4
ATUTOR : ATutor 1.5
PHPMYFAQ : phpMyFAQ 1.5
NUCLEUS : Nucleus 3.20
MAILWATCH : MailWatch for MailScanner 1.0
EZ : ezUpload 2.2
PHPXMLRPC : PHPXMLRPC 1.1
PEAR : XML_RPC 1.3
DOKEOS : Dokeos 1.6
PHPTB : PHPTB 2.0
CPAINT : CPAINT Ajax Toolkit 1.3
PHPROJEKT : PHProjekt 5.0
SOFT4E : ECW Shop 6.0
DISCUZ : Discuz! 4.0
PHPFREENEWS : PHPFreeNews 1.40
CPAINT : CPAINT 1.3
MIG : My Image Gallery 1.4
WAGORA : W-Agora 4.2
MEDIABOX404 : mediabox404 1.2
DADAMAIL : Dada Mail 2.09
ECWSHOP : ECW-Shop 6.02
ZORUM : zorum 3.5
BBCAFFE : BBCaffe 2.0
EMEFA : Emefa Guestbook 1.2
LIVESUPPORT : LiveSupport 1.0
NEOCROME : Land Down Under 800

Original document bl2k_(at)_shabgard.org, Bugs Land Down Under v800 (21.08.2005)

admin_(at)_batznet.com, Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection (21.08.2005)

s2b_(at)_hotmail.com, Vul in MyBB (21.08.2005)

DEBIAN, [SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities (19.08.2005)

document SECUNIA, [SA16475] LiveSupport PEAR XML_RPC Nested XML Tags PHP Code Execution (19.08.2005)

SECUNIA, [SA16489] Emefa Guestbook Script Insertion Vulnerability (19.08.2005)

SECUNIA, [SA16491] MailWatch for MailScanner XML-RPC PHP Code Execution (19.08.2005)

retrogod_(at)_liceposta.it, BBCaffe 2.0 cross site scripting poc (19.08.2005)

document retrogod_(at)_aliceposta.it, Zorum 3.5 remote code execution poc exploit (19.08.2005)

Security Lists, runcms highlight.php hole (19.08.2005)

SECUNIA, [SA16459] ECW-Shop SQL Injection and Cross-Site Scripting Vulnerabilities (18.08.2005)

SECUNIA, [SA16435] Dada Mail Archived Messages Script Insertion Vulnerability (18.08.2005)

document SECUNIA, [SA16465] eGroupWare XML-RPC Nested XML Tags PHP Code Execution (18.08.2005)

Matteo Beccati, [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities (18.08.2005)

goszynskif_(at)_gmail.com, PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities (18.08.2005)

document Cedric.Tissieres_(at)_objectif-securite.ch, SQL injection in mediabox404 v1.2 (18.08.2005)

matrix_killer ma3x, w-agora 4.2.0 and prior Remote Directory Travel Vulnerability (18.08.2005)

matrix_killer ma3x, ATutor-1.5.1 SQL injection and XSS bugs (18.08.2005)

SECUNIA, [SA16405] My Image Gallery Cross-Site Scripting Vulnerabilities (18.08.2005)

document SECUNIA, [SA16460] Nucleus CMS XML-RPC Nested XML Tags PHP Code Execution (18.08.2005)

SECUNIA, [SA16462] CPAINT Ajax Toolkit Unspecified Command Execution Vulnerability (18.08.2005)

Maksymilian Arciemowicz, [SECURITYREASON.COM] phpAdsNew/phpPgAds 2.0.5 Local file inclusion cXIb8O3.16 (18.08.2005)

document h4cky0u, [Full-disclosure] PHPFreeNews v1.40 and prior Multiple Vulnerabilities (18.08.2005)

SECURITEAM, [UNIX] Discuz! Command Execution Vulnerability (17.08.2005)

matrix_killer ma3x, XSS in CuteNews v1.3.6 (17.08.2005)

John Cobb, [NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities (17.08.2005)

document h4cky0u, [Full-disclosure] phpWebSite 0.10.1 Full SQL Injection (17.08.2005)

matrix_killer ma3x, PHProjekt 5.0 XSS (17.08.2005)

matrix_killer ma3x, phpWebSite 0.10.1 Full SQL injection (17.08.2005)

SECUNIA, [SA16434] ezUpload "path" Arbitrary File Inclusion Vulnerability (16.08.2005)

document wiley14_(at)_gmail.com, Vulnerability found in CPAINT Ajax Toolkit (16.08.2005)

matrix_killer ma3x, Advanced Guestbook 2.3.3 upload image bug (16.08.2005)

morning_wood, [Full-disclosure] Apple Mac Tiger 10.4 weblog server (16.08.2005)

SECUNIA, [SA16443] PHPTB "mid" Parameter SQL Injection Vulnerability (16.08.2005)

document SECUNIA, [SA16441] phpMyFAQ XML-RPC Nested XML Tags PHP Code Execution (16.08.2005)

SECUNIA, [SA16407] Dokeos Multiple Directory Traversal Vulnerabilities (15.08.2005)

DRUPAL, [Full-disclosure] [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue (15.08.2005)

document Stefan Esser, [Full-disclosure] Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability (15.08.2005)

Stefan Esser, [Full-disclosure] Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability (15.08.2005)

Files: PHPBB 2.0.10 add admin exploit
PHP-NUKE all versions add admin exploit
PHP Stat Administrative User Authentication Bypass POC Exploit
Zorum 3.5 remote commands execution
EXPLOIT FOR: MyBulletinBoard Search.PHP SQL Injection Vulnerability
phpbb 2.0.15 remote command execution exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server