Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		17.04.2006
Source:
SecurityVulns ID:		6017
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPGRAPHY : phpGraphy 0.9
		DDBS : DbbS 2.0
		POWERSCRIPTS : PowerClan 1.14
		FLEXBB : FlexBB 0.5
		DENWER : Денвер 2
		PHPLINKS : phpLinks 2.1
		BETABOARD : BetaBoard 0.1
		BITWEAVER : bitweaver 1.3
		TWG : TinyWebGallery 1.4
		FUJU : fuju news 1.0
		BMACHINE : bMachine 2.7
		MYEVENT : MyEvent 1.2
		PHPWEBFTP : phpwebftp 3.2

Original document		rgod_(at)_autistici.org, - PHPGraphy <= 0.9.11 "editwelcome" unauthorized access / cross site scripting - (17.04.2006)
		arko.dhar_(at)_gmail.com, PhpWebFTP 3.2 Login Script (17.04.2006)
		botan_(at)_linuxmail.org, MyEvent Remote File Execution And XSS Attacking (17.04.2006)
		botan_(at)_linuxmail.org, Calendarix "yearcal.php" XSS Attacking (17.04.2006)
		kr4ch_(at)_web.de, FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass] (17.04.2006)
		w3.__(at)_hotmail.com, Xss In bMachine 2٫7 (17.04.2006)
		yamcho_(at)_mail.it, DbbS<=2.0-alpha Multiple Vulnerabilities (17.04.2006)
		SECUNIA, [SA19677] Fuju News Authentication Bypass and SQL Injection (17.04.2006)
		SECUNIA, [SA19689] PowerClan "memberid" SQL Injection Vulnerability (17.04.2006)
		SECUNIA, [SA19660] TinyWebGallery "twg_album" Cross-Site Scripting Vulnerability (17.04.2006)
		SECUNIA, [SA19673] Bitweaver "error" Cross-Site Scripting Vulnerability (17.04.2006)
		r0t, phpLinks <= 2.1.3.1 XSS vuln. (17.04.2006)
		izi, [Full-disclosure] BetaBoard Cross Site Scripting vulnerability (17.04.2006)
		Агиевич Игорь aka Shanker, Уязвимость в Денвере-2: XSS (17.04.2006)

Files:		FlexBB <= 0.5.5 (/inc/start.php _COOKIE) Remote SQL ByPass Exploit
Discuss:		Read or add your comments to this news (0 comments)