Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:5602
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: APPSERV : appserv 2.4
 BOASTMACHINE : boastMachine 3.1
 RALPHARMA : TinyPHPForum 3.6
 ADNFORUM : adnforum 1.0
 THEWEBFORUM : TheWebForum 1.2
 DOMUS : Proyecto Domus 2.10
 SYSCP : WebFTP 1.2
 AQUIFER : Aquifer CMS
 INETSTORE : iNETstore Ebusiness Software
 TIMECAN : Timecan CMS 3.0
CVE: CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.)
Original document: SECUNIA, [SA18324] Timecan CMS "viewID" SQL Injection Vulnerability (07.01.2006)
 SECUNIA, [SA18322] iNETstore Ebusiness Software "searchterm" Cross-Site Scripting Vulnerability (07.01.2006)
 SECUNIA, [SA18325] OnePlug CMS SQL Injection Vulnerabilities (07.01.2006)
 SECUNIA, [SA18326] Aquifer CMS "Keyword" Cross-Site Scripting Vulnerability (07.01.2006)
 zeus olimpusklan, [Full-disclosure] SimpBook "message" Remote Cross-Site Scripting Vulnerability (07.01.2006)
 Thomas Henlich, SysCP WebFTP local file inclusion vulnerability (07.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] Proyecto Domus 'email' XSS Vulnerability (07.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] TheWebForum Script Insertion and Authentication Bypass (07.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] ADNForum Multiple Vulnerabilities (07.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] TinyPHPForum Multiple Vulnerabilities (07.01.2006)
 night_warrior771_(at), CyberShop User Login Sql Injection (07.01.2006)
 eufrato_(at), [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 (07.01.2006)
 Xez, Remote file include in appserv 2.4.5 (possible in previous versions) (07.01.2006)

