PHP, ASP, CGI web applications security vulnerabilities - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

PHP, ASP, CGI web applications security vulnerabilities
updated since 01.08.2005
Published: 06.08.2005
Source: BUGTRAQ
SecurityVulns ID: 5062
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: FLATNUKE : Flatnuke 2.5
PHPOPENCHAT : PhpOpenChat 3.0
CLEVERCOPY : Clever Copy 2.0
RAGNAROK : Ragnarok Online Control Panel 4.3
OPENBOOK : OpenBook 1.2
CHURCHINFO : ChurchInfo 1.2
ADERSOFTWARE : AderSoftware CFBB 1.0
FLEXPHPNEWS : Flexphpnews 0.0
PHPFREENEWS : PHPFreeNews 1.39
ARABPORTAL : Arab Portal 2.0
NAXTOR : Naxtor Shopping Cart 1.0
FUSEBOX : FuseBox 4.1
SILVERNEWS : Silvernews 2.0
NAXTOR : Naxtor e-directory 1.0
PORTAILPHP : PortailPHP 2.4
LOGICAMPUS : LogiCampus 1.1
KARRIGELL : Karrigell 2.1
JAX : Jax Newsletter 2.14
JAX : Jax LinkLists 1.1
JTR : Jax Calendar 1.34
JAX : Jax Guestbook 3.31
DENORA : Denora IRC Stats 1.1
INVISION : Invision Power Board 1.0

Original document virusishacker_(at)_gmail.com, ipb Css bug(now public) (06.08.2005)

SECUNIA, [SA16281] Denora IRC Stats "rdb_query()" Buffer Overflow Vulnerability (06.08.2005)

SECUNIA, [SA16337] Jax Guestbook Cross-Site Scripting and Information Disclosure (06.08.2005)

SECUNIA, [SA16333] Jax Calendar Cross-Site Scripting Vulnerability (06.08.2005)

document SECUNIA, [SA16338] Jax LinkLists Cross-Site Scripting and Information Disclosure (06.08.2005)

SECUNIA, [SA16332] Jax Newsletter Cross-Site Scripting and Information Disclosure (06.08.2005)

laurent gaffié, Comdev eCommerce config.php Vulnerability (06.08.2005)

retrogod_(at)_aliceposta.it, FlatNuke 2.5.5 (possibly prior versions) remote commands execution / cross site scripting / path disclosure (by rgod) (06.08.2005)

document Zinho, [HSC Security Group] Multiple XSS in phpopenchat 3.0.2 (06.08.2005)

SECUNIA, [SA16330] Flatnuke Multiple Vulnerabilities (05.08.2005)

SECUNIA, [SA16319] Karrigell Python Namespace Exposure Vulnerability (05.08.2005)

SECUNIA, [SA16317] web content management Cross-Site Scripting and Authentication Bypass (05.08.2005)

document SECUNIA, [SA16297] LogiCampus helpdesk Cross-Site Scripting Vulnerability (05.08.2005)

abducter_minds_(at)_yahoo.com, SQL IN PortailPHP (05.08.2005)

SECURITEAM, [UNIX] Clever Copy Privileges Escalation Vulnerability (04.08.2005)

SECUNIA, [SA16314] Naxtor e-directory Cross-Site Scripting and SQL Injection (04.08.2005)

document retrogod_(at)_aliceposta.it, Silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting (04.08.2005)

N.N.P, Coldfusion Fusebox V4.1.0 Vulnerability (04.08.2005)

John Cobb, [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection (03.08.2005)

document SECUNIA, Arab Portal (03.08.2005)

SECUNIA, [SA16312] PHPFreeNews Unspecified Vulnerabilities (02.08.2005)

SECUNIA, [SA16311] AderSoftware CFBB "page" Cross-Site Scripting (02.08.2005)

thegreatone2176_(at)_yahoo.com, ChurchInfo Multiple Vulnerabilities (02.08.2005)

document ziot_(at)_whataboutpp.com, PHPList Vunerability (02.08.2005)

svt_(at)_svt.nukleon.us, [SVadvisory] - SQL injection in OpenBook 1.2.2 (02.08.2005)

SECUNIA, [SA16287] Ragnarok Online Control Panel Authentication Bypass Vulnerability (01.08.2005)

Files: SilverNews Exploit inlcuded Proxy Server Function
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod