Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 24.10.2005
Published: 29.10.2005
Source:
SecurityVulns ID: 5383
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPBB : phpBB 2.0
XOOPS : xoops 2.0
MANTIS : Mantis 0.19
FLATNUKE : Flatnuke 2.5
SPARKLEBLOG : SparkleBlog 2.1
DCPPORTAL : DCP-Portal 6.1
PBLANG : PBLang 4.65
MYBB : MyBB 1.0
ATUTOR : ATutor 1.5
PHPFUSION : PHP-Fusion 6.0
XOOPS : XOOPS 2.2
ZOPE : Zope 2.8
NUKEDKLAN : Nuked-Klan 1.7
MWCHAT : MWChat 6.8
ZOMPLOG : Zomplog 3.4
PHPNUKE : phpNuke 7.8
PUNBB : PunBB 1.1
ARCHILLES : aRCHILLES Newsworld 1.3
EBASE : eBASEweb 3.0
ZOPE : zope 2.7
ARBLOG : ar-blog 5.2
PHPICALENDAR : PHP iCalendar 2.0
SNOOPY : Snoopy 1.2
TCLANPORTAL : TClanPortal 1.1
base : Basic Analysis and Security Engine 1.2
MANTIS : Mantis 1.0
WOLTLAB : Woltlab Burning Board 2.7
NPDS : Net Portal Dynamic System 5.0
FLYSPRAY : Flyspray 0.9
ROCKLIFFE : MailSite Express WebMail 6.1
GCARDS : gCards 1.44
PHPESP : phpESP 1.7

Original document abducter_minds_(at)_yahoo.com, File Including In PBLang (29.10.2005)

SECUNIA, [SA17333] phpESP Unspecified Cross-Site Scripting and SQL Injection (28.10.2005)

SECUNIA, [SA17353] gCards "limit" SQL Injection Vulnerability (28.10.2005)

Paul Craig, [Full-disclosure] Multiple vulnerabilities within RockLiffe MailSite Express WebMail (28.10.2005)

document SECUNIA, [SA17316] Flyspray Cross-Site Scripting Vulnerabilities (27.10.2005)

SECURITEAM, [EXPL] Net Portal Dynamic System Denial of Service Exploit (27.10.2005)

bhfh01_(at)_gmail.com, PHP-Nuke Cross-Site Scripting Vulnerability (27.10.2005)

advisory_(at)_kapda.ir, [KAPDA::#9] Techno Dreams Scripts Vulnerabilities (27.10.2005)

document Animal, SQL-Injection in MyBulletinBoard allows attacker to become a board admin. (27.10.2005)

admin_(at)_batznet.com, Woltlab Burning Board info_db.php multiple SQL injection (27.10.2005)

SECUNIA, [Full-disclosure] Secunia Research: Mantis "t_core_path" File Inclusion Vulnerability (26.10.2005)

document SECUNIA, [SA17314] Basic Analysis and Security Engine SQL Injection Vulnerability (26.10.2005)

SECUNIA, [SA17324] TClanPortal "id" SQL Injection Vulnerability (26.10.2005)

SECUNIA, [SA17307] ar-blog Script Insertion and Authentication Bypass Vulnerabilities (26.10.2005)

document poizon_(at)_securityinfo.ru, DboardGear - uncorrect import themes (SQL-inject) (26.10.2005)

sikikmail_(at)_gmail.com, SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable) (26.10.2005)

Daniel Fabian, SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability (26.10.2005)

document SNS, [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities (26.10.2005)

ascii, [Full-disclosure] PHP iCalendar CSS (25.10.2005)

SECUNIA, [SA17312] PHP-Fusion "news_body" Script Insertion Vulnerability (25.10.2005)

God Of Death (G.O.D), [Full-disclosure] Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions (25.10.2005)

document GENTOO, [Full-disclosure] [ GLSA 200510-20 ] Zope: File inclusion through RestructuredText (25.10.2005)

SECUNIA, [SA17301] eBASEweb Unspecified SQL Injection Vulnerability (25.10.2005)

SECUNIA, [SA17295] phpBB Avatar Script Insertion Vulnerability (25.10.2005)

alex_(at)_aleksanet.com, Flat Nuke Cross Site Scripting (25.10.2005)

document papipsycho_(at)_hotmail.com, Nuked klan 1.7: SQL vulnerability (25.10.2005)

sikikmail_(at)_gmail.com, Zomplog Script Injection Vulnerability =>3.4 (all versions vulnerable) (25.10.2005)

abducter_minds_(at)_yahoo.com, File Including In FLAT NUKE (25.10.2005)

almaster_(at)_hotmail.com, SQL saphp Lesson (25.10.2005)

document advisory_(at)_kapda.ir, [KAPDA::#8] Domain Manager Pro Vulnerability (25.10.2005)

chburchert_(at)_web.de, aRCHILLES Newsworld < 1.5.0-rc1 Multiple Vulnerabilities (25.10.2005)

peanut_(at)_black-rat.no-ip.com, Possible Bug in PHP-Fusion 6.0.204 (25.10.2005)

papipsycho_(at)_hotmail.com, Nuked klan 1.7: Bypassed level admin on forum(corrected) (25.10.2005)

document rod hedor, Remote File Inclusion in forum PunBB (25.10.2005)

retrogod_(at)_aliceposta.it, PhpNuke 7.8 with all security fixes/patches "Your_Account", "Downloads", "Web Links" SQL Injection / Remote commans execution (25.10.2005)

alex_(at)_aleksanet.com, DCP - portal XSS & SQL attacks (24.10.2005)

document almaster_(at)_hotmail.com, DBoardGear SQL Injection (24.10.2005)

SECUNIA, [SA17306] Zomplog Cross-Site Scripting and SQL Injection Vulnerabilities (24.10.2005)

SECUNIA, [SA17303] MWChat "Username" SQL Injection Vulnerability (24.10.2005)

Files: PHPNuke 7.8 with all security fixes/patches "Downloads","Web_Links" & "Your_Account" modules SQL Injection / remote commands execution exploit
Net Portal Dynamic System Denial of Service Exploit
Nuked klan 1.7: Remote Exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server