Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 18.04.2006
Source:
SecurityVulns ID: 6018
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MODX : modx 0.9
 ARTICLEPUBLISHER : Article Publisher Pro 1.0
 BLUEPAY : BluePay Manager 2.0
 MODERNBILL : ModernBill 4.3
 LEADHOUND : Leadhound 2.1
 XFLOW : xFlow 5.46
 SHOUTBOOK : ShoutBOOK 1.1
 NEURONBLOG : Neuron Blog 1.1
 CZARNEWS : CzarNews 1.14
 TINYPHPFORUM : Tiny PHP forum 3.6
 WIREPLASTIK : wpBlog 0.4
 LINPHA : Linpha 1.1
 RECHNUNGSZENTRAL : RechnungsZentrale 2
CVE: CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Original documents:
 GroundZero Security, [Full-disclosure] RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities (18.04.2006)
 d4igoro_(at)_gmail.com, Linpha 1.1.0 - XSS Vulnerabilities (18.04.2006)
 SECUNIA, [SA19645] MODx Cross-Site Scripting and Directory Traversal (18.04.2006)
 SECUNIA, [SA19716] Avaya CMS / IR "/proc" Denial of Service (18.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] Wire Plastik wpBlog SQL Injection Vulnerability (18.04.2006)
 Steve, Neon Responder (Dos,Exploit) (18.04.2006)
 qex_(at)_bsdmail.org, AnimeGenesis <= XSS (18.04.2006)
 Hessam Salehi, Tiny PHP forum - vulns (18.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities (18.04.2006)
 qex_(at)_bsdmail.org, Neuron Blog <= 1.1 XSS (18.04.2006)
 qex_(at)_bsdmail.org, ShoutBOOK <= 1.1 XSS (18.04.2006)
 r0t, BluePay Manager v2.0 Script Insertion Vulnerability (18.04.2006)
 r0t, ModernBill multiple SQL inj. vuln. (18.04.2006)
 r0t, Leadhound multiple vuln. (18.04.2006)
 r0t, xFlow v5.x multiple vuln. (18.04.2006)
 r0t, Article Publisher Pro SQL inj. (18.04.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod