Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 24.10.2005
| Published: |  | 29.10.2005 |
| Source: |  | |
| SecurityVulns ID: |  | 5383 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | PHPBB : phpBB 2.0 |
| |  | XOOPS : xoops 2.0 |
| |  | MANTIS : Mantis 0.19 |
| |  | FLATNUKE : Flatnuke 2.5 |
| |  | SPARKLEBLOG : SparkleBlog 2.1 |
| |  | DCPPORTAL : DCP-Portal 6.1 |
| |  | PBLANG : PBLang 4.65 |
| |  | MYBB : MyBB 1.0 |
| |  | ATUTOR : ATutor 1.5 |
| |  | PHPFUSION : PHP-Fusion 6.0 |
| |  | XOOPS : XOOPS 2.2 |
| |  | ZOPE : Zope 2.8 |
| |  | NUKEDKLAN : Nuked-Klan 1.7 |
| |  | MWCHAT : MWChat 6.8 |
| |  | ZOMPLOG : Zomplog 3.4 |
| |  | PHPNUKE : phpNuke 7.8 |
| |  | PUNBB : PunBB 1.1 |
| |  | ARCHILLES : aRCHILLES Newsworld 1.3 |
| |  | EBASE : eBASEweb 3.0 |
| |  | ZOPE : zope 2.7 |
| |  | ARBLOG : ar-blog 5.2 |
| |  | PHPICALENDAR : PHP iCalendar 2.0 |
| |  | SNOOPY : Snoopy 1.2 |
| |  | TCLANPORTAL : TClanPortal 1.1 |
| |  | base : Basic Analysis and Security Engine 1.2 |
| |  | MANTIS : Mantis 1.0 |
| |  | WOLTLAB : Woltlab Burning Board 2.7 |
| |  | NPDS : Net Portal Dynamic System 5.0 |
| |  | FLYSPRAY : Flyspray 0.9 |
| |  | ROCKLIFFE : MailSite Express WebMail 6.1 |
| |  | GCARDS : gCards 1.44 |
| |  | PHPESP : phpESP 1.7 |
| Original document |  | abducter_minds_(at)_yahoo.com, File Including In PBLang (29.10.2005) |
| |  | SECUNIA, [SA17333] phpESP Unspecified Cross-Site Scripting and SQL Injection (28.10.2005) |
| |  | SECUNIA, [SA17353] gCards "limit" SQL Injection Vulnerability (28.10.2005) |
| |  | Paul Craig, [Full-disclosure] Multiple vulnerabilities within RockLiffe MailSite Express WebMail (28.10.2005) |
| |  | SECUNIA, [SA17316] Flyspray Cross-Site Scripting Vulnerabilities (27.10.2005) |
| |  | SECURITEAM, [EXPL] Net Portal Dynamic System Denial of Service Exploit (27.10.2005) |
| |  | bhfh01_(at)_gmail.com, PHP-Nuke Cross-Site Scripting Vulnerability (27.10.2005) |
| |  | advisory_(at)_kapda.ir, [KAPDA::#9] Techno Dreams Scripts Vulnerabilities (27.10.2005) |
| |  | Animal, SQL-Injection in MyBulletinBoard allows attacker to become a board admin. (27.10.2005) |
| |  | admin_(at)_batznet.com, Woltlab Burning Board info_db.php multiple SQL injection (27.10.2005) |
| |  | SECUNIA, [Full-disclosure] Secunia Research: Mantis "t_core_path" File Inclusion Vulnerability (26.10.2005) |
| |  | SECUNIA, [SA17314] Basic Analysis and Security Engine SQL Injection Vulnerability (26.10.2005) |
| |  | SECUNIA, [SA17324] TClanPortal "id" SQL Injection Vulnerability (26.10.2005) |
| |  | SECUNIA, [SA17307] ar-blog Script Insertion and Authentication Bypass Vulnerabilities (26.10.2005) |
| |  | poizon_(at)_securityinfo.ru, DboardGear - uncorrect import themes (SQL-inject) (26.10.2005) |
| |  | sikikmail_(at)_gmail.com, SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable) (26.10.2005) |
| |  | Daniel Fabian, SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability (26.10.2005) |
| |  | SNS, [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities (26.10.2005) |
| |  | ascii, [Full-disclosure] PHP iCalendar CSS (25.10.2005) |
| |  | SECUNIA, [SA17312] PHP-Fusion "news_body" Script Insertion Vulnerability (25.10.2005) |
| |  | God Of Death (G.O.D), [Full-disclosure] Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions (25.10.2005) |
| |  | GENTOO, [Full-disclosure] [ GLSA 200510-20 ] Zope: File inclusion through RestructuredText (25.10.2005) |
| |  | SECUNIA, [SA17301] eBASEweb Unspecified SQL Injection Vulnerability (25.10.2005) |
| |  | SECUNIA, [SA17295] phpBB Avatar Script Insertion Vulnerability (25.10.2005) |
| |  | alex_(at)_aleksanet.com, Flat Nuke Cross Site Scripting (25.10.2005) |
| |  | papipsycho_(at)_hotmail.com, Nuked klan 1.7: SQL vulnerability (25.10.2005) |
| |  | sikikmail_(at)_gmail.com, Zomplog Script Injection Vulnerability =>3.4 (all versions vulnerable) (25.10.2005) |
| |  | abducter_minds_(at)_yahoo.com, File Including In FLAT NUKE (25.10.2005) |
| |  | almaster_(at)_hotmail.com, SQL saphp Lesson (25.10.2005) |
| |  | advisory_(at)_kapda.ir, [KAPDA::#8] Domain Manager Pro Vulnerability (25.10.2005) |
| |  | chburchert_(at)_web.de, aRCHILLES Newsworld < 1.5.0-rc1 Multiple Vulnerabilities (25.10.2005) |
| |  | peanut_(at)_black-rat.no-ip.com, Possible Bug in PHP-Fusion 6.0.204 (25.10.2005) |
| |  | papipsycho_(at)_hotmail.com, Nuked klan 1.7: Bypassed level admin on forum(corrected) (25.10.2005) |
| |  | rod hedor, Remote File Inclusion in forum PunBB (25.10.2005) |
| |  | retrogod_(at)_aliceposta.it, PhpNuke 7.8 with all security fixes/patches "Your_Account", "Downloads", "Web Links" SQL Injection / Remote commands execution (25.10.2005) |
| |  | alex_(at)_aleksanet.com, DCP - portal XSS & SQL attacks (24.10.2005) |
| |  | almaster_(at)_hotmail.com, DBoardGear SQL Injection (24.10.2005) |
| |  | SECUNIA, [SA17306] Zomplog Cross-Site Scripting and SQL Injection Vulnerabilities (24.10.2005) |
| |  | SECUNIA, [SA17303] MWChat "Username" SQL Injection Vulnerability (24.10.2005) |