PHP, ASP, CGI web applications security vulnerabilities - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

PHP, ASP, CGI web applications security vulnerabilities
updated since 25.07.2005
Published: 29.07.2005
Source:
SecurityVulns ID: 5032
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPLIST : phplist 2.8
HOSTINGCONTROLLE : Hosting Controller 6.1
PHPFIRSTPOST : PHP FirstPost 0.1
BEEHIVEFORUM : Beehive Forum 0.6
FTPLOCATE : FtpLocate 2.02
ATOMICPA : Atomic Photo Album 1.1
ASNGUESTBOOK : Asn Guestbook 1.5
VIRTECH : Netquery 3.1
CLEVERCOPY : Clever Copy 2.0
PNGCOUNTER : PNG Counter 1.0
PHPBOOK : phpBook 1.50
VBZOOM : VBZooM 1.0
BMFORUM : BMForum Plus! 2.6
BMFORUM : BMForum Plus! 3.0
MYSQL : Eventum 1.5
GFORGE : gforge 4.5
USEBB : UseBB 0.5
PHPMYGALLERY : PHPmyGallery 1.5
SIMPLICITYOFUPLO : Simplicity oF Upload 1.3
EASYPX : Easy PX 41 CMS
CALACODE : @Mail 4.11
KNUSPERLEICHT : Kshout 3.0
KAYAKO : liveResponse 2.0
EARLYINPACT : Product Cart 2.6
ROCP : ROCP 4.3

Original document svt_(at)_svt.nukleon.us, [SVadvisory] - SQL injection in OpenBook 1.2.2 (02.08.2005)

fjlj_(at)_wvi.com, RO CP root exploit (31.07.2005)

Zinho, [HSC Security Group] SQL Injection in Product Cart 2.6 (31.07.2005)

l--s_(at)_hotmail.com, Kent's Guestbook database exploit (31.07.2005)

document rat_(at)_marocmaffia.com, PC-EXPERIENCE/TOPPE CMS Security Advisory (31.07.2005)

JeiAr, Kayako liveResponse Multiple Vulnerabilities (31.07.2005)

group_(at)_soulblack.com.ar, Kshout Data Disclosure (31.07.2005)

Debasis Mohanty, [Full-disclosure] Indiatimes Shopping Cart XSS (Cross Site Scripting) Attacks (30.07.2005)

document SECUNIA, [SA16252] @Mail Multiple Cross-Site Scripting Vulnerabilities (30.07.2005)

SECUNIA, [SA16264] Easy PX 41 CMS Cross-Site Scripting and Information Disclosure (30.07.2005)

SECUNIA, [SA16273] Simplicity oF Upload "language" File Inclusion Vulnerability (30.07.2005)

document SECUNIA, [SA16260] PHPmyGallery "confdir" File Inclusion Vulnerability (30.07.2005)

SECUNIA, [SA16270] UNG "name" and "email" Mail Header Injection (30.07.2005)

l--s_(at)_hotmail.com, uguestbook exploit (29.07.2005)

Stefan Esser, Advisory 12/2005: UseBB Multiple Vulnerabilities (29.07.2005)

document thegreatone2176_(at)_yahoo.com, Website Baker Project Multiple Vulnerabilities (29.07.2005)

Jose Antonio, Cross Site Scripting vulnerabilities in GForge (29.07.2005)

thegreatone2176_(at)_yahoo.com, PhpList Sql Injection and Path Disclosure (29.07.2005)

SECUNIA, [SA16253] GForge Cross-Site Scripting Vulnerabilities (28.07.2005)

document SECUNIA, [SA16255] MySQL Eventum PEAR XML_RPC PHP Code Execution Vulnerability (28.07.2005)

SECUNIA, [SA16224] BMForum Plus! Cross-Site Scripting Vulnerabilities (28.07.2005)

SECUNIA, [SA16192] phpBook "admin" Cross-Site Scripting Vulnerability (27.07.2005)

SECUNIA, [SA16237] PNG Counter "digit" Cross-Site Scripting Vulnerability (27.07.2005)

document SECUNIA, [SA16235] Hosting Controller comgetfile.asp Information Disclosure (27.07.2005)

SECUNIA, [SA16236] Clever Copy Cross-Site Scripting Vulnerabilities (27.07.2005)

Zinho, [HSC Security Group] XSS in CartWiz (27.07.2005)

SECURITEAM, [EXPL] Netquery Command Execution (Exploit) (26.07.2005)

document SECUNIA, [SA16202] Asn Guestbook "version" Cross-Site Scripting Vulnerability (25.07.2005)

gr0up.pclabs_(at)_gmail.com, Atomic Photo Album (APA) apa_phpinclude.inc.php remote file include (25.07.2005)

newbug_(at)_chroot.org, Chroot Security Group Advisory 2005-07-25 -- ftplocate (25.07.2005)

document thegreatone2176_(at)_yahoo.com, Beehive Forum Multiple Vulnerabilities (25.07.2005)

gb.network_(at)_gmail.com, PHP FirstPost remote file include vulnerability (25.07.2005)

Files: [EXPL] Netquery Command Execution Exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin