Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.04.2006
Source:
SecurityVulns ID: 5987
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPOPENCHAT : PhpOpenChat 3.0
MYBB : MyBB 1.0
XMBFORUM : XMB Forum 1.9
GALLERY : Gallery 1.5
MAXDEV : MD-Pro 1.0
SPIP : SPIP 1.8
PAPOO : Papoo 2.1
CLEVERCOPY : Clever Copy 3.0
JUPITERPORTAL : Jupiter Cms 1.1
SHOPWEEZLE : Shopweezle 2.0
ECOTWO : ecotwo Shopsystem 1.0
AWEBBB : aWebBB 1.2
SAPHPLESSON : SaphpLesson 3.0
NULLNEWS : Null news 2005.07.27
SIRE : Sire 2.0
PHPNEWSMANAGER : phpNewsManager 1.48
VSNSLEMON : VSNS Lemon 3.2
VCOUNTER : vCounter 1.0
NEWSLETTER : Newsletter 1.0
XBRITE : XBrite Members 1.1
ADODB : adodb 1.51

Original document crasher_(at)_kecoak.or.id, Vulnerabilities in SPIP (10.04.2006)

r0xes.ratm_(at)_gmail.com, XMB Forum 1.9.5-Final XSS (10.04.2006)

r0t, interaktiv.shop v.5 XSS vuln. (10.04.2006)

o.y.6_(at)_hotmail.com, MyBB 1.10 'newthread.php' < CrossSiteScripting > (10.04.2006)

document SECUNIA, [SA19578] MAXdev MD-Pro "topicid" SQL Injection Vulnerability (10.04.2006)

SECUNIA, [SA19580] Gallery Unspecified Script Insertion Vulnerabilities (10.04.2006)

DEBIAN, [SECURITY] [DSA 1029-1] New libphp-adodb packages fix several vulnerabilities (10.04.2006)

SECUNIA, [SA19602] XBrite Members "id" SQL Injection Vulnerability (10.04.2006)

document king_purba_(at)_yahoo.co.uk, Multiple vulnerability in jupiter CMS (10.04.2006)

:) :), Shadowed Portal Cross Site Scripting (10.04.2006)

Aliaksandr Hartsuyeu, [eVuln] newsletter - sourceworkshop SQL Injection Vulnerability (10.04.2006)

king_purba_(at)_yahoo.co.uk, MAXDEV CMS Multiple vulnerabilities (10.04.2006)

document Aliaksandr Hartsuyeu, [eVuln] vCounter - sourceworkshop SQL Injection Vulnerability (10.04.2006)

eufrato_(at)_gmail.com, [ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure (10.04.2006)

imei, [KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack (10.04.2006)

document Aliaksandr Hartsuyeu, [eVuln] VSNS Lemon Multiple Vulnerabilities (10.04.2006)

dr.jr7_(at)_hotmail.com, SQL Injection in Chipmunk Guestbook (10.04.2006)

Aliaksandr Hartsuyeu, [eVuln] phpNewsManager Multiple SQL Injections (10.04.2006)

simo64_(at)_gmail.com, Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload (10.04.2006)

document Aliaksandr Hartsuyeu, [eVuln] Null news SQL Injection Vulnerability (10.04.2006)

w3.__(at)_hotmail.com, Xss In SaphpLesson3.0 (10.04.2006)

codexploder_(at)_linuxmail.org, Autonomous LAN party File iNclusion (10.04.2006)

r0t, Papoo Multiple SQL vuln. (10.04.2006)

KeVRter, awebBB 1.2 Vuln (10.04.2006)

document r0t, APT-webshop-system vuln. (10.04.2006)

r0t, ecotwo Shopsystem vuln. (10.04.2006)

r0t, Shopweezle 2.0 multiple vuln. (10.04.2006)

Files: Exploits XBrite Members <= 1.1 remote sql injection vulnerability
PHPList <= 2.10.2 GLOBALS[] remote cmmnds xctn
Exploits PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection
ADODB tmssql.php Denial of service
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server