Computer Security
[EN] no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:5661
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:JOOMLA : Joomla! 1.0
 MIKEHELTONISAWES : aoblogger 2.3
 WBNEWS : WB News 1.1
 PHPCLANWEBSITE : Phpclanwebsite 1.23
 MYBB : MyBB 1,02
 PHLIMAIL : PHlyMail 3.3
 ELOG : ELOG 2.6
 MYAMAZONMANSTORE : My Amazon Store Manager 1.0
CVE:CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.)
Original documentdocumentSECUNIA, [SA18535] My Amazon Store Manager "q" Cross-Site Scripting Vulnerability (19.01.2006)
 documentSECUNIA, [SA18537] Netrix X-Site Manager "product_id" Parameter Cross-Site Scripting (19.01.2006)
 documentSECUNIA, [SA18533] ELOG Format String and Directory Traversal Vulnerabilities (19.01.2006)
 documentSECUNIA, [SA18536] PHlyMail Unspecified Script Insertion and SQL Injection (19.01.2006)
 documentSECUNIA, [SA18544] MyBB "Allow HTML in Signatures" Script Insertion Security Issue (19.01.2006)
 documentSECUNIA, [SA18541] Phpclanwebsite "img" BBcode Script Insertion Vulnerability (19.01.2006)
 documentSECUNIA, [SA18513] Joomla! Multiple Unspecified Vulnerabilities (19.01.2006)
 documentSECUNIA, [SA18499] WB News "name" Script Insertion Vulnerability (19.01.2006)
 documentnight_warrior771_(at), MyBB Signature HTML Code Injection (19.01.2006)
 documentnight_warrior771_(at), XMB Forum HTML Code Injection (19.01.2006)
 documentAliaksandr Hartsuyeu, [eVuln] aoblogger Multiple Vulnerabilities (19.01.2006)
 documentAliaksandr Hartsuyeu, [eVuln] Flog Information Disclosure Vulnerability (19.01.2006)
 documentnight_warrior771_(at), Phpclanwebsite BBCode IMG Tag XSS Vulnerability (19.01.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod