Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.05.2006
Source:
SecurityVulns ID: 6108
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SINGAPORE : singapore 0.9
 PHPFUSION : PHP-Fusion 6.0
 MYBB : MyBB 1.1
 CREATIVESOFTWARE : Creative Community Portal 1.1
 OPENENGINE : OpenEngine 1.8
 ANGELINECMS : AngelineCMS 0.6
 IDEALBB : IdealBB 1.5
 CLAROLINE : e-Learning 1.7
 PHPRAID : phpRaid 2.9
 PHPRAID : phpRaid 3.0
 PHPLISTPRO : PhpListPro 2.01
 ACTUALSCRIPTS : ActualAnalyzer Pro 6.88
 MULTICALENDARS : MultiCalendars 3.0
 PLANETC : plaNetStat 27.01.2005
CVE: CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.)
Original document: alp_eren_(at)_ayyildiz.org, plaNetStat Admin ByPass (09.05.2006)
 Dj_ReMix_20_(at)_hotmail.com, # MHG Security Team --- OzzyWork Gallery SQL Injection (09.05.2006)
 SECUNIA, [SA20006] EPublisherPro "title" Cross-Site Scripting Vulnerability (09.05.2006)
 SECUNIA, [SA20043] EImagePro SQL Injection Vulnerabilities (09.05.2006)
 SECUNIA, [SA20017] EDirectoryPro "keyword" Parameter SQL Injection (09.05.2006)
 SECUNIA, [SA20030] MultiCalendars "calsids" Parameter SQL Injection Vulnerability (09.05.2006)
 BoNy-m_(at)_hotmail.com, tseekdir.cgi<--Local File Include (09.05.2006)
 SECUNIA, [SA19996] 2005-Comments-Script Multiple Vulnerabilities (09.05.2006)
 Siegfried, [Full-disclosure] Claroline file inclusion vulnerabilities (09.05.2006)
 Scott Dewey, [Full-disclosure] [XPA] ActualAnalyzer Pro v6.88 - Remote Command Execution Vulnerability (09.05.2006)
 Aesthetico, [MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability (09.05.2006)
 rgod_(at)_autistici.org, PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities (09.05.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 5] phpRaid Remote File Include [SMF] (09.05.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB) (09.05.2006)
 alp_eren_(at)_ayyildiz.org, singapore v0.9.7 XSS Vulnerabilities (09.05.2006)
 beford, Claroline Open Source e-Learning 1.7.5 Remote File Include (09.05.2006)
 CodeScan Labs, Multiple Vulnerabilities In IdealBB ASP Bulletin Board (09.05.2006)
 admin_(at)_subjectzero.net, AngelineCMS Multiple Vulnerabilities (09.05.2006)
 imei, [KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack (09.05.2006)
 ck_(at)_caroli.info, OpenEngine (PHP CMS) (09.05.2006)
 alp_eren_(at)_ayyildiz.org, Phil's Bookmark script admin By-pass (09.05.2006)
 SnoBMSN_(at)_Hotmail.De, Limbo CMS (option=weblinks) SQL injection exploit (09.05.2006)
 alp_eren_(at)_ayyildiz.org, X-POLL admin By-Pass (09.05.2006)
 r0t, Creative Community Portal vuln. (09.05.2006)
Files: Exploits PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload
 ActualAnalyzer Remote File Inclusion Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod