Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 21.11.2005
Published: 26.11.2005
Source:
SecurityVulns ID: 5468
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: HORDE : Horde 3.0
PBLANG : PBLang 4.65
ALSTRASOFT : EPay Pro 2.0
PHPFUSION : PHP-Fusion 6.0
ZORUM : zorum 3.5
VUBB : VUBB
JELSOFT : vBulletin 3.5
EQUICKCART : e-Quick Cart
APACHE : Struts 1.2
JETTY : Jetty 5.1
PHPZENTRALE : APBoard
TORRENTIAL : Torrential 1.2
JOOMLA : Joomla! 1.0
NUKEET : Nuke ET 3.2
EASYBE : 1-2-3 music store 1.0
COMMODITYRENTALS : Commodity Rentals 2.0
DIGISHOP : digiSHOP 3.1
AFFCOMMERCE : Affcommerce 1.1
EZYHELPDESK : ezyhelpdesk 1.0
OMNISTARLIVE : Omnistar Live 5.2
PHPLABS : Survey Wizard
PHPLABS : Top Auction
KPLAYLIST : kPlaylist 1.6
TUNEZ : Tunez 1.21
HYDROBB : HydroBB 1.0
WSNFORUM : WSN Forum 1.21
PMWIKI : PmWiki 2.0
PHPPOST : PHPPost 1.0
VHCS : VHCS 2.2
OTRS : OTRS 2.0
COMDEVWEB : Vote Caster 3.1
VOTEPRO : Vote! Pro 4.0
SOFTBIZSCRIPT : Softbiz Web Host Directory 1.1
GREYWYVERN : Orca forum 4.3
ZONEO : freeForum 1.1
OVBB : OvBB
PANCAKE : Zina 0.12
ACTIVECAMPAIGN : KnowledgeBuilder 2.5
ACTIVECAMPAIGN : SupportTrio 1.4
FREEMED : FreeMED 0.8
VTIGER : Vtiger CRM 4.2
DESKLANCE : DeskLance 2.3
NICECODER : iDesk 1.0
ISOLSOFT : IsolSoft Support Center 2.2
PHPWORDPRESS : Article Manager 3.0
SNEWS : sNews 1.3
KAYAKO : SupportSuite 3.00
ONLINETECHTOOLS : OWOS Lite 3.0
ONLINETECHTOOLS : OASYS Lite 1.0
ONLINETECHTOOLS : OKBSYS Lite 1.0
CENTRALMANCLC : Helpdesk Issue Manager 0.9
SMBCMS : SMBCMS 2.1
DAPPERDESK : DapperDesk 3.0
SYSBOTZ : Systems Panel 1.0
PDJKEELAN : pdjk-support 1.1
AGILEBILL : AgileBill 1.4
FORPERFECT : cSupport 1.0
IDEVSPOT : iSupport 1.06
HELPDESKPOINT : HelpDeskPoint 2.38
DMANEWS : DMANews 0.904
FANTASTICNEWS : Fantastic News 2.1
LOGICBILL : LogicBill 1.0
EZINVOICEINC : EZ Invoice Inc 2.0
CLIENTEXEC : Clientexec 2.3
DRZES : DRZES HMS 3.2
CSCART : CS-Cart
ENTEGRAL : Entergal MX 2.0
BOSDEV : BosDates 4.0
QUALITYUNIT : Post Affiliate Pro 2.0
GHOSTSCRIPTER : Amazon Shop 5.0
WOWBB : WowBB 1.65
EFICTION : eFiction 2.0
BLOGBUDDIES : blogBuddies 0.3
PHPPOST : PHP-Post 1.0

Original document r0xes_(at)_7NA.org, XSS in PBLang 4.65 Profile.php/UCP.php (26.11.2005)

SECUNIA, [SA17706] PHP-Post Cross-Site Scripting and Script Insertion Vulnerabilities (26.11.2005)

SECUNIA, [SA17741] blogBuddies Cross-Site Scripting Vulnerabilities (26.11.2005)

SECUNIA, [SA17736] SmartPPC Pro "username" Cross-Site Scripting Vulnerability (26.11.2005)

document Daniel Fabian, SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM (26.11.2005)

retrogod_(at)_aliceposta.it, eFiction <= 2.0 multiple vulnerabilities (26.11.2005)

r0t, DMANews Multiple SQL inj. vuln. (26.11.2005)

r0t, Fantastic News "category" SQL inj. (26.11.2005)

document r0t, LogicBill 1.0 SQL inj. (26.11.2005)

r0t, EZ Invoice Inc™ v 2.0 SQL inj. (26.11.2005)

r0t, Clientexec 2.x Multiple SQL inj. (26.11.2005)

r0t, DRZES HMS 3.2 Multiple vuln. (26.11.2005)

r0t, CS-Cart SQL inj. vuln. (26.11.2005)

r0t, Entergal MX V2.0 SQL vuln. (26.11.2005)

document r0t, BosDates v4.0 SQL vuln (26.11.2005)

r0t, Post Affiliate Pro 2.0.x Vuln. (26.11.2005)

r0t, Amazon Shop 5.0.0 XSS vuln. (26.11.2005)

r0t, WowBB 1.65 vuln. (26.11.2005)

r0t, Zorum Forum 3.5 "rollid" SQL inj. vuln. (26.11.2005)

r0t, VBulletin 3.5.1 XSS vuln. (26.11.2005)

document Christopher Kunz, [Full-disclosure] Advisory 23/2005: vTiger multiple vulnerabilities (25.11.2005)

r0t, phpWordPress 3.0 SQL inj. (25.11.2005)

r0t, sNews 1.3 SQL injection. (25.11.2005)

r0t, Kayako SupportSuite v3.00.x Full path Disclosure . (25.11.2005)

r0t, OWOS Lite 3.0 SQL inj. (25.11.2005)

document r0t, OASYS Lite 1.0 "search.asp" XSS vuln. (25.11.2005)

r0t, OKBSYS Lite 1.0 "search.asp" XSS vuln. (25.11.2005)

r0t, Helpdesk Issue Manager v0.9 SQL inj. (25.11.2005)

r0t, SMBCMS v2.1 SQL injection. (25.11.2005)

r0t, DapperDesk 3.0.x "page" SQL inj. (25.11.2005)

document r0t, Systems Panel v1.0.x Multiple SQL inj. (25.11.2005)

r0t, pdjk-support suite sql inj. (25.11.2005)

r0t, AgileBill 1.4.x "id" sql injection. (25.11.2005)

r0t, cSupport "pg" SQL inj. (25.11.2005)

r0t, iSupport 1.x "include_file" SQL inj. (25.11.2005)

r0t, HelpDeskPoint Free Help Desk Software SQL inj. (25.11.2005)

document r0t, IsolSoft Support Center SQL inj. (24.11.2005)

r0t, iDesk "cat_id" SQL inj. (24.11.2005)

r0t, DeskLance Vuln. (24.11.2005)

SECUNIA, [SA17693] vtiger CRM Multiple Vulnerabilities (24.11.2005)

SECUNIA, [SA17693] vtiger CRM Multiple Vulnerabilities (24.11.2005)

document SECUNIA, [SA17674] FreeMED XML_RPC PHP Code Execution Vulnerability (24.11.2005)

SECUNIA, [SA17674] FreeMED XML_RPC PHP Code Execution Vulnerability (24.11.2005)

r0t, ActiveCampaign SupportTrio SQL inj. (24.11.2005)

r0t, ActiveCampaign KnowledgeBuilder Vuln. (24.11.2005)

document r0t, Zina SQL injection vulnerability. (24.11.2005)

r0t, OvBB SQL vulnerabilities. (24.11.2005)

r0t, freeForum 1.x "cat" "thread" SQL inj. (24.11.2005)

r0t, Orca forum 4.3.x "msg" Sql inj. (24.11.2005)

r0t, Softbiz Web Host Directory Script Multiple vuln. (24.11.2005)

document r0t, VUBB Forum SQL and XSS vuln. (24.11.2005)

r0t, Vote! Pro 4.x "poll_id" Sql inj. (23.11.2005)

r0t, Vote Caster 3.x SQL Inj. Vuln. (23.11.2005)

daniel.schreckling_(at)_informatik.uni-hamburg.de, Horde MIME Viewer vulnerability (23.11.2005)

Moritz Naumann, OTRS 1.x/2.x Multiple Security Issues (23.11.2005)

document Moritz Naumann, VHCS 2.x HTTP Error Cross Site Scripting (23.11.2005)

alireza hassani, [KAPDA::#14] - PHPPost XSS and HTML Injection (23.11.2005)

Moritz Naumann, PmWiki 2.0.12 Cross Site Scripting (23.11.2005)

r0t, WSN Forum "id" SQL Injection Vulnerability (23.11.2005)

document r0t, XSS in HydroBB (23.11.2005)

r0t, Tunez SQL and XSS vuln. (23.11.2005)

r0t, kPlaylist XSS vuln. (23.11.2005)

r0t, Top Auction Multiple SQL Vuln. (23.11.2005)

r0t, Survey Wizard "sid" SQL injection vuln. (23.11.2005)

r0t, SupportPRO Supportdesk XSS vuln. (23.11.2005)

document r0t, Omnistar Live "id" and "category_id" SQL inj. (23.11.2005)

r0t, ezyhelpdesk Multiple Sql inj (23.11.2005)

r0t, Affcommerce Multiple Sql inj. (23.11.2005)

r0t, digiSHOP 3.x SQL injection vuln. (23.11.2005)

r0t, Commodity Rentals 2.x "user_id" Sql inj. (23.11.2005)

document r0t, 1-2-3 music store "AlbumID" Sql injection. (23.11.2005)

SECUNIA, [SA17638] Nuke ET "query" SQL Injection Vulnerability (23.11.2005)

SECUNIA, [SA17675] Joomla! SQL Injection and Cross-Site Scripting Vulnerabilities (23.11.2005)

Shell, [Full-disclosure] Torrential 1.2 getdox.php Directory Traversal (22.11.2005)

document ksa_ksa82_(at)_hotmail.com, APBoard v [all] ---> [SQL injection] (22.11.2005)

r0t, AlstraSoft EPay Pro "pmodule" SQL Injection Vulnerability (22.11.2005)

SECUNIA, [SA17659] Jetty JSP Source Code Disclosure Vulnerability (21.11.2005)

Irene Abezgauz, [Full-disclosure] Security Advisory: Struts Error Message Cross Site Scripting (21.11.2005)

document SECUNIA, [SA17664] PHP-Fusion SQL Injection Vulnerabilities (21.11.2005)

SECUNIA, [SA17652] e-Quick Cart SQL Injection Vulnerabilities (21.11.2005)

Files: eFiction <= 2.0 fake GIF Shell Upload
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server