Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 23.05.2006
Source:
SecurityVulns ID: 6170
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: XOOPS : xoops 2.0
PUNBB : PunBB 1.2
PHPCOMMUNITYCALE : phpCommunityCalendar 4.0
PHPWCMS : phpwcms 1.2
MYBB : MyBB 1.1
PHPRAID : phpRaid 2.9
HIOX : Hiox Guestbook 3.1
CAPTIVATE : Captivate 1.0
DESTINEY : Destiney Links Script 2.1
DESTINEY : Destiney Rated Images Script 0.5
POWERPLACE : PHP Easy Galerie 1.1
CODEAVALANCHE : CANews 1.2
ARTMEDIC : Artmedic Newsletter 4.1
PERLPODDER : perlpodder 0.4
PRODDER : Prodder 0.4
FUSION : Fusion News 1.0
UBB : UBB.threads 6.4
NUCLEUSCMS : nucleus 3.22
DOCEBO : Docebo 3.0
CVE: CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different.)

Original document Kacper, Docebo 3.0.3/DoceboCMS,DoceboKms,DoceboLms,DoceboCore,DoceboScs - Remote File Include Vulnerabilities (23.05.2006)

MILW0RM, phpCommunityCalendar 4.0.3 Multiple Vulnerabilites (23.05.2006)

MILW0RM, UBB.threads >= 6.4.x Remote File Inclusion (23.05.2006)

RedTeam Pentesting, Prodder Remote Arbitrary Command Execution (23.05.2006)

document RedTeam Pentesting, Perlpodder Remote Arbitrary Command Execution (23.05.2006)

c.j.schmitz_(at)_gmx.de, Remote Code Execution in artmedic Newsletter 4.1 [log.php] (23.05.2006)

TeufeL Online, phpRaid "view.php" XSS Vulnerability (23.05.2006)

outlaw_(at)_aria-security.net, Beoped Portal XSS (23.05.2006)

document omnipresent_(at)_email.it, CANews Multiple Vulnerabilities (23.05.2006)

alireza hassani, mybb v1.1.1(rss.php) SQL Injection Exploit (23.05.2006)

alireza hassani, [KAPDA::#43] - phpwcms multiple vulnerabilities (23.05.2006)

craziest_(at)_gmail.com, PHP Easy Galerie Index.PHP Remote File Include Vulnerability (23.05.2006)

document luny_(at)_youfucktard.com, Captivate 1.0 - XSS Vuln (23.05.2006)

luny_(at)_youfucktard.com, Destiney Links Script v2.1.2 (23.05.2006)

luny_(at)_youfucktard.com, Destiney Rated Images Script v0.5.0 - XSS Vulnv (23.05.2006)

k4p0k4p0_(at)_hotmail.com, PunBB 1.2.11 Cross site scripting (23.05.2006)

document luny_(at)_youfucktard.com, Hiox Guestbook 3.1 (23.05.2006)

Files: Nucleus <= 3.22 arbitrary remote inclusion exploit
Fusion News v.1.0 Remote File Inclusion Exploit
XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin