Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 03.10.2005
Published: 09.10.2005
Source:
SecurityVulns ID: 5287
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: OSCOMMERCE : osCommerce 2.2
MYBLOGGIE : myBloggie 2.1
MEDIAWIKI : MediaWiki 1.4
PHPFUSION : PHP-Fusion 6.0
LIMBO : Limbo CMS 1.0
TELLME : TellMe 1.2
ASPREADY : ASPReady FAQ
HIKIWIKI : Hiki 0.8
UTOPIASOFTWARE : Utopia News Pro 1.1
CYPHOR : Cyphor 0.19

Original document retrogod_(at)_aliceposta.it, Cyphor 0.19 SQL Injection / Board takeover / cross site scripting (09.10.2005)

retrogod_(at)_aliceposta.it, Utopia News Pro 1.1.3 SQL Injection / cross site scripting (09.10.2005)

SECUNIA, [SA17074] MediaWiki HTML Inline Style Attributes Cross-Site Scripting (07.10.2005)

document SECUNIA, [SA17075] Hiki Page Name Cross-Site Scripting Vulnerabilities (07.10.2005)

Preben Nylokken, aspReady FAQ - open for SQL-injections (07.10.2005)

SECUNIA, [Full-disclosure] Secunia Research: PHP-Fusion Two SQL Injection Vulnerabilities (06.10.2005)

morning_wood, [Full-disclosure] Tellme 1.2 (06.10.2005)

document povilas_(at)_critical.lt, Limbo CMS <=1.0.4.2 XSS (04.10.2005)

mircia, PHP-Fusion SQL injection and exploit (04.10.2005)

retrogod_(at)_aliceposta.it, MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass (03.10.2005)

Files: myBloggie 2.1.3beta null char + SQL Injection -> login bypass
PHP-Fusion SQL injection exploit
Utopia News Pro 1.1.3 (possibly prior versions) SQL Injection / Administrative credentials disclosure
yphor 0.19 ( possibly prior versions) SQL injection / board takeover
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin