Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		14.02.2006
Source:
SecurityVulns ID:		5768
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		CLEVERCOPY : Clever Copy 2.0
		CLEVERCOPY : Clever Copy 3.0
		HINTONDESIGN : phpstatus 1.0
		RUNCMS : Runcms 1.3
		DOCMGR : DocMGR 0.54
		HINTONDESIGN : phphd 1.0
		GASTBUCH : gastbuch 1.3
		SITEFRAME : Beaumont 5.0
		EGS : Enterprise Groupware System 1.0
		QWIKIWIKI : QwikiWiki 1.5
		PYBLOSXOM : PyBlosxom 1.3
		ZENCART : Zen Cart 1.2

Original document		SECUNIA, [SA18801] Zen Cart Unspecified SQL Injection Vulnerabilities (14.02.2006)
		SECUNIA, [SA18831] RunCMS pmlite.php SQL Injection Vulnerability (14.02.2006)
		SECUNIA, [SA18858] PyBlosxom Arbitrary File Disclosure Vulnerability (14.02.2006)
		SECUNIA, [SA18814] QwikiWiki "search.php" Cross-Site Scripting Vulnerability (14.02.2006)
		rgod_(at)_autistici.org, EGS Enterprise Groupware System 1.0 rc4 remote commands execution & FlySpray 0.9.7 remote commands execution (14.02.2006)
		federico.alice_(at)_tiscali.it, Siteframe Beaumont 5.0.1a <== Cross-Site Scripting Vulnerability (14.02.2006)
		Micha Borrmann, XSS vulnerability in guestbook-php-script (14.02.2006)
		Aliaksandr Hartsuyeu, [eVuln] phpstatus Authentication Bypass (14.02.2006)
		Aliaksandr Hartsuyeu, [eVuln] Clever Copy 'Referer' & 'X-Forwarded-For' XSS Vulnerabilities (14.02.2006)
		Aliaksandr Hartsuyeu, [eVuln] phphd Multiple Vulnerabilities (14.02.2006)
		rgod_(at)_autistici.org, DocMGR <= 0.54.2 arbitrary remote inclusion (14.02.2006)

Files:		EGS Enterprise Groupware System <=1.0 rc4 remote commands execution exploit
		DocMGR <= 0.54.2 remote commands execution exploit
Discuss:		Read or add your comments to this news (0 comments)