Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
Published:		23.12.2005
Source:
SecurityVulns ID:		5569
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MANTIS : Mantis 0.19
		ALSTRASOFT : EPay Enterprise 3.0
		EGGBLOG : eggblog 2.0
		FATWIRE : UpdateEngine 6.2
		DAY : Communique 4
		PAPERTHIN : CommonSpot Content Server 4.5
		ORACLE : OracleAS Discussion Forum Portlet
		PHPFUSION : PHP-Fusion 6.00

Original document		SECUNIA, [SA18136] ShopEngine "EXPS" Cross-Site Scripting Vulnerability (23.12.2005)
		GENTOO, [ GLSA 200512-12 ] Mantis: Multiple vulnerabilities (23.12.2005)
		krasza_(at)_gmail.com, XSS&Sql injection attack in PHP-Fusion 6.00.3 Released (23.12.2005)
		Johannes Greil, [Full-disclosure] SEC Consult SA-20051223-1 :: File Disclosure using df_next_page parameter in OracleAS Discussion Forum Portlet (23.12.2005)
		Johannes Greil, [Full-disclosure] SEC Consult SA-20051223-0 :: Multiple Cross Site Scripting Vulnerabilities in OracleAS Discussion Forum Portlet (23.12.2005)
		r0t, CommonSpot Content Server vuln. (23.12.2005)
		r0t, Communique 4 XSS vuln. (23.12.2005)
		r0t, Fatwire UpdateEngine 6.2 multiple XSS vuln. (23.12.2005)
		r0t, eggblog vuln. (23.12.2005)
		r0t, AlstraSoft EPay Enterprise v3.0 XSS vuln. (23.12.2005)

Discuss:

Read or add your comments to this news (0 comments)