Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.01.2006
Source:
SecurityVulns ID: 5661
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: JOOMLA : Joomla! 1.0
FLUFFINGTON : Flog 1.0
MIKEHELTONISAWES : aoblogger 2.3
WBNEWS : WB News 1.1
PHPCLANWEBSITE : Phpclanwebsite 1.23
MYBB : MyBB 1,02
PHLIMAIL : PHlyMail 3.3
ELOG : ELOG 2.6
MYAMAZONMANSTORE : My Amazon Store Manager 1.0
CVE: CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.)

Original document SECUNIA, [SA18535] My Amazon Store Manager "q" Cross-Site Scripting Vulnerability (19.01.2006)

SECUNIA, [SA18537] Netrix X-Site Manager "product_id" Parameter Cross-Site Scripting (19.01.2006)

SECUNIA, [SA18533] ELOG Format String and Directory Traversal Vulnerabilities (19.01.2006)

document SECUNIA, [SA18536] PHlyMail Unspecified Script Insertion and SQL Injection (19.01.2006)

SECUNIA, [SA18544] MyBB "Allow HTML in Signatures" Script Insertion Security Issue (19.01.2006)

SECUNIA, [SA18541] Phpclanwebsite "img" BBcode Script Insertion Vulnerability (19.01.2006)

document SECUNIA, [SA18513] Joomla! Multiple Unspecified Vulnerabilities (19.01.2006)

SECUNIA, [SA18499] WB News "name" Script Insertion Vulnerability (19.01.2006)

night_warrior771_(at)_hotmail.com, MyBB Signature HTML Code Injection (19.01.2006)

night_warrior771_(at)_hotmail.com, XMB Forum HTML Code Injection (19.01.2006)

document Aliaksandr Hartsuyeu, [eVuln] aoblogger Multiple Vulnerabilities (19.01.2006)

Aliaksandr Hartsuyeu, [eVuln] Flog Information Disclosure Vulnerability (19.01.2006)

night_warrior771_(at)_hotmail.com, Phpclanwebsite BBCode IMG Tag XSS Vulnerability (19.01.2006)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server