Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Published:		07.01.2006
Source:
SecurityVulns ID:		5602
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		APPSERV : appserv 2.4
		BOASTMACHINE : boastMachine 3.1
		RALPHARMA : TinyPHPForum 3.6
		ADNFORUM : adnforum 1.0
		THEWEBFORUM : TheWebForum 1.2
		DOMUS : Proyecto Domus 2.10
		SYSCP : WebFTP 1.2
		AQUIFER : Aquifer CMS
		ONEPLUG : OnePlug CMS
		INETSTORE : iNETstore Ebusiness Software
		TIMECAN : Timecan CMS 3.0
CVE:		CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.)

Original document		SECUNIA, [SA18324] Timecan CMS "viewID" SQL Injection Vulnerability (07.01.2006)
		SECUNIA, [SA18322] iNETstore Ebusiness Software "searchterm" Cross-Site Scripting Vulnerability (07.01.2006)
		SECUNIA, [SA18325] OnePlug CMS SQL Injection Vulnerabilities (07.01.2006)
		SECUNIA, [SA18326] Aquifer CMS "Keyword" Cross-Site Scripting Vulnerability (07.01.2006)
		zeus olimpusklan, [Full-disclosure] SimpBook "message" Remote Cross-Site Scripting Vulnerability (07.01.2006)
		Thomas Henlich, SysCP WebFTP local file inclusion vulnerability (07.01.2006)
		Aliaksandr Hartsuyeu, [eVuln] Proyecto Domus 'email' XSS Vulnerability (07.01.2006)
		Aliaksandr Hartsuyeu, [eVuln] TheWebForum Script Insertion and Authentication Bypass (07.01.2006)
		Aliaksandr Hartsuyeu, [eVuln] ADNForum Multiple Vulnerabilities (07.01.2006)
		Aliaksandr Hartsuyeu, [eVuln] TinyPHPForum Multiple Vulnerabilities (07.01.2006)
		night_warrior771_(at)_hotmail.com, CyberShop User Login Sql Injection (07.01.2006)
		eufrato_(at)_gmail.com, [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 (07.01.2006)
		Xez, Remote file include in appserv 2.4.5 (possible in previous versions) (07.01.2006)

Discuss:

Read or add your comments to this news (0 comments)