Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		12.04.2006
Source:
SecurityVulns ID:		5999
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPBB : phpBB 2.0
		TRITANIUM : Tritanium Bulletin Board 1.2
		INDEXU : INDEXU 5.0
		VNEWS : VNews 1.2
		SWSOFT : Confixx 3.1
		BLUR6EX : blur6ex 0.3
		SMARTISOFT : phpListPro 2.0
		VBOOK : [V]Book 2.0
		MANILA : Manila 9.5
		QLNEWS : QLnews 1.2
		SIMPLOG : simplog 0.9
		ZOPE : zope-cmfplone 2.0
		AZDGVOTE : AzDGVote 1.0
		MVBLOG : MvBlog 1.6
		CLANSYS : Clansys 1.1

Original document		SECUNIA, [SA19630] AzDGVote "int_path" File Inclusion Vulnerabilities (12.04.2006)
		DEBIAN, [SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation (12.04.2006)
		Aliaksandr Hartsuyeu, [eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities (12.04.2006)
		securiteam_(at)_datasec.no, SAXoPRESS - directory traversal (12.04.2006)
		selfar2002_(at)_hotmail.com, AzDGVote File inclusion (12.04.2006)
		Aliaksandr Hartsuyeu, [eVuln] VNews Multiple Vulnerabilities (12.04.2006)
		d4igoro_(at)_gmail.com, Tritanium Bulletin Board 1.2.3 - XSS (12.04.2006)
		sn4k3.23_(at)_gmail.com, Confixx 3.1.2 <= SQL Injection (12.04.2006)
		d4igoro_(at)_gmail.com, Manila <= 9.5 - XSS Vulnerabilities (12.04.2006)
		Aliaksandr Hartsuyeu, [eVuln] [V]Book Multiple Vulnerabilities (12.04.2006)
		Aesthetico, phpListPro <= 2.0 - Remote File Include Vulnerability (12.04.2006)
		crasher_(at)_kecoak.or.id, Multiple vulnerabilities in Blur6ex (12.04.2006)
		selfar2002_(at)_hotmail.com, INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit (12.04.2006)

Files:		Simplog <= 0.9.2 "s" remote cmmnds xctn
		r57phpbba2e2.pl - phpBB admin 2 exec exploit
		Exploits clansys 1.1 remote sql injection
Discuss:		Read or add your comments to this news (0 comments)