Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.02.2006
Published: 01.03.2006
Source:
SecurityVulns ID: 5832
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: MYPHPNUKE : myPHPNuke 1.8
SQUIRRELMAIL : squirrelmail 1.4
PUNBB : PunBB 1.2
PWSPHP : PwsPHP 1.2
MYBB : MyBB 1.0
EKINBOARD : EKINboard 1.0
FANTASTICNEWS : Fantastic News 2.1
WORDPRESS : WordPress 2.0
TECASCRIPTS : Quirex 2.0
PERLBLOG : PerlBlog 1.08
PERLBLOG : PerlBlog 1.09
ARCHANGELWEBLOG : Archangel Weblog 0.90
PHPRPC : phpRPC 0.7
TL4S : D3Jeeb Pro 3
CGICALENDAR : CGI Calendar 2.7
REYERO : DirectContact 3.0
LANSUITE : LanParty Intranet System 2.1
IGENUS : iGENUS Webmail 2.02
4HOMEPAGES : 4images 1.7
ISSUEDEALER : Issue Dealer 0.9
JFACETS : JFacets 0.1
PARODIA : Parodia 6.2
N8CMS : n8cms 1.1
N8CMS : n8cms 1.2
FARSINEWS : Farsinews 2.5
EJ3 : EJ3 TOPo 2.2
SENDCARD : SendCard 3.3
STOREBOT : StoreBot 2002
STOREBOT : StoreBot 2005

Original document SECUNIA, [SA19019] StoreBot 2005 Professional Edition "Pwd" SQL Injection (01.03.2006)

SECUNIA, [SA19060] StoreBot 2002 Standard Edition "ShipMethod" Script Insertion (01.03.2006)

SECUNIA, [SA19039] PunBB "header.php" Cross-Site Scripting Vulnerability (01.03.2006)

SECUNIA, [SA19061] MyBB "comma" Parameter SQL Injection Vulnerability (01.03.2006)

document SECUNIA, [SA19061] MyBB "comma" Parameter SQL Injection Vulnerability (01.03.2006)

mail_(at)_yunusemreyilmaz.com, EJ3 TOPo - Cross Site Scripting Vulnerability (28.02.2006)

Hessam Salehi, FarsiNews 2.5Pro Exploit (28.02.2006)

:) :), n8cms 1.1 & 1.2 version Sql Эnjection And XSS (28.02.2006)

document SECUNIA, [SA19031] JFacets "ProfileID" Profile Change Vulnerability (28.02.2006)

SECUNIA, [SA19044] CrossFire "oldsocketmode" Denial of Service Vulnerability (28.02.2006)

SECUNIA, [SA19045] EKINboard Multiple Vulnerabilities (28.02.2006)

SECUNIA, [SA19018] Issue Dealer Unpublished Content Disclosure Weakness (28.02.2006)

document SECUNIA, [SA19052] MyPHPNuke Cross-Site Scripting Vulnerabilities (28.02.2006)

SECUNIA, [SA19023] PwsPHP "sondage" Module SQL Injection Vulnerability (28.02.2006)

SECUNIA, [SA19026] 4images "template" Parameter File Inclusion Vulnerability (28.02.2006)

SECUNIA, [SA19036] iGENUS Webmail File Inclusion Vulnerability (28.02.2006)

document SECUNIA, [SA19048] LanSuite LanParty Intranet System "fid" SQL Injection (28.02.2006)

k4p0k4p0_(at)_hotmail.com, WordPress 2.0.1 Multiple Vulnerabilities (28.02.2006)

Donato Ferrante, directory traversal in DirectContact 0.3b (28.02.2006)

botan_(at)_linuxmail.org, PixelArtKingdom TopSites Remote Command Exucetion (28.02.2006)

document botan_(at)_linuxmail.org, Knowledgebases Remote Command Exucetion (28.02.2006)

ISecAuditors Security Advisories, [ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail (28.02.2006)

Aliaksandr Hartsuyeu, [eVuln] PerlBlog Multiple Vulnerabilities (28.02.2006)

MANDRIVA, [ MDKSA-2006:049 ] - Updated squirrelmail packages fix vulnerabilities (28.02.2006)

document revnic_(at)_gmail.com, CGI Calendar XSS Vulnerability (28.02.2006)

s3ude_(at)_hotmail.com, 2 SQL Injection in d3jeeb (28.02.2006)

s3ude_(at)_hotmail.com, 2 SQL Injection in Fantastic News (28.02.2006)

JeiAr, phpRPC Library Remote Code Execution (28.02.2006)

Aliaksandr Hartsuyeu, [eVuln] Quirex Arbitrary File Disclosure Vulnerability (28.02.2006)

document kingofska_(at)_gmail.com, Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion (28.02.2006)

Files: FarsiNews 2.5Pro Exploi
phpRPC <= 0.7 commands execute exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server