Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 27.03.2006
Published:		27.03.2006
Source:
SecurityVulns ID:		5946
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		INFOPOP : UBBThreads 5.5
		PHPBB : phpBB 2.0
		INVISION : Invision Power Board 1.3
		PHPADSNEW : phpAdsNew 2.0
		PHPOPENADS : phpPgAds 2.0
		PHPMYFAMILY : phpmyfamily 1.4
		CUREPHP : CuteNews 1.4
		NUKEDKLAN : Nuked-Klan 1.7
		JELSOFT : vBulletin 3.5
		MININUKE : Mini-NUKE 1.8
		ABSOLUTELIVE : Absolute Live Support XE 2.0
		DSPORTAL : DSCounter 1.0
		DSPORTAL : DSDownload 1.0
		CUTECAST : CuteCast 1.2
		INFOPOP : UBBThreads 6.0
		EZHOMEPAGEPRO : EZHomepagePro 1.5
		ESCHOOL : E-School 1.0
		METISWARE : Metisware Instructor 1.3
		WEBHOSTINGAUTOMA : Helm Web Hosting Control Panel 3.2
		AZTEK : Aztek 4.0
		TFTGALLERY : TFT Gallery 0.10
		GBOOK : G-Book 1.0
		PHPTICKET : php ticket 0.71
		CALENDEREXPRESS : Calendar Express 2.2
		MEETINGRESERVE : Meeting Reserve 1.0
		SAPHPLESSON : SaphpLesson2.0
		MAMBO : AkoComment 2.0

Original document		dabdoub_mosikar_(at)_forislam.com, nuked-klan<=1.7.5 SQL Injection (27.03.2006)
		SECUNIA, [SA19397] uniForum "websecadmin.aspx" Cross-Site Scripting (27.03.2006)
		mfoxhacker_(at)_gmail.com, SQL injection in VGM Forbin. (27.03.2006)
		Stefan Keller, AkoComment SQL injection vulnerability (27.03.2006)
		xx_hack_xx_2004_(at)_hotmail.com, SQL Injection in SaphpLesson2.0 (27.03.2006)
		SECUNIA, [SA19372] Meeting Reserve Cross-Site Scripting Vulnerability (27.03.2006)
		SECUNIA, [SA19393] Calender Express Cross-Site Scripting Vulnerability (27.03.2006)
		SECUNIA, [SA19415] Absolute Live Support XE Script Insertion Vulnerability (27.03.2006)
		h4cky0u, [Full-disclosure] HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS (27.03.2006)
		h4cky0u, [Full-disclosure] HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities (27.03.2006)
		Matteo Beccati, [Full-disclosure] [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities (27.03.2006)
		r0t, Helm Web Hosting Control Panel XSS vuln. (27.03.2006)
		r0t, Metisware Instructor XSS vuln. (27.03.2006)
		r0t, E-School Management System XSS vuln. and Web Quiz pro XSS vuln. (27.03.2006)
		r0t, EZHomepagePro multiple XSS vuln. (27.03.2006)
		r0t, BlankOL XSS vuln. (27.03.2006)
		dabdoub_mosikar_(at)_forislam.com, UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection (27.03.2006)
		SpiderZ, Xss Vbulletin 3.5.x ( test: 3.5.4 ) (27.03.2006)
		SpiderZ, phpBB v 2.0.X upload html .gif ( "not 2.0.19" ) (27.03.2006)
		SpiderZ, IPB v1.x upload html .gif (27.03.2006)
		SpiderZ, Mini-NUKE v1.8 (27.03.2006)
		SpiderZ, New exploit by SpiderZ (26.03.2006)
		Aliaksandr Hartsuyeu, [eVuln] DSDownload Multiple SQL Injection Vulnerabilities (26.03.2006)
		Aliaksandr Hartsuyeu, [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability (26.03.2006)

Files:		Topic infinitely exploit phpBB 2.0.19
		Search infinitely exploit phpBB 2.0.19
		ontinuous recordings CuteCast Version 1.2
		php ticket <= 0.71 exploit
		tftgallery 0.10 exploit
		Exploits: Aztek 4.0 Gives Admin rights to a normal user
		CuteNews 1.4.1 (CutePHP.com) Hash password Finder
Discuss:		Read or add your comments to this news (0 comments)