Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.05.2006
Source:
SecurityVulns ID: 6194
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: TIKIWIKI : tikiwiki 1.9
PLUMECMS : Plume CMS 1.0
VWEBMAIL : V-Webmail 1.6
TOASTFORUMS : Toast Forums 1.6
EVAWEB : EVA-Web 2.1
DOCEBO : Docebo LMS 2.05
MONSTERTOPLIST : Monster Top List 1.4
EASYCONTENT : Easy-Content Forums 1.0
SOCKETMAIL : Socketmail 2.2
TAMBER : Tamber Forum 1.9
PHPRESIDENCE : PHPResidence 0.6
AGTC : PHP AGTC-Membership system 1.1
BYTEHOARD : bytehoard 2.1
ASSETMAN : AssetMan 2.4
PHPSIMPLECHOOSE : PHPSimple Choose 0.3
SUPERLINKEXCHANG : Super Link Exchange 1.0
VACATIONRETAL : Vacation Retal Script 1.0
PRETTYGUESTBOOK : Pretty Guestbook 1
SMILEGUESTBOOK : Smile Guestbook 1
MORRISGUESTBOOK : Morris Guestbook 1
CVE: CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit.)

Original document Vympel, [Full-disclosure] ZH2006-20 SA: CosmicShoppingCart Multiple Vulnerabilities (27.05.2006)

luny_(at)_youfucktard.com, Morris Guestbook v1 (27.05.2006)

luny_(at)_youfucktard.com, Smile Guestbook v1 (27.05.2006)

luny_(at)_youfucktard.com, Pretty Guestbook v1 (27.05.2006)

document luny_(at)_youfucktard.com, Vacation Retal Script v1.0 (27.05.2006)

luny_(at)_youfucktard.com, Super Link Exchange Script v1.0 (27.05.2006)

luny_(at)_youfucktard.com, PHPSimple Choose v0.3 (27.05.2006)

luny_(at)_youfucktard.com, iBoutique.MALL - Directory Traversal (27.05.2006)

document mail_(at)_yunusemreyilmaz.com, Seditio Cross Site Scripting Vulnerability (27.05.2006)

ajannhwt_(at)_hotmail.com, Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities (27.05.2006)

zerogue_(at)_gmail.com, Assetman <= 2.4a XSS (27.05.2006)

zerogue_(at)_gmail.com, ByteHoard <= 2.1 multiple vulnerabilities (27.05.2006)

document zerogue_(at)_gmail.com, PHP AGTC-Membership system <= v1.1a XSS (27.05.2006)

zerogue_(at)_gmail.com, PHPResidence <= 0.6 XSS (27.05.2006)

beford, Plume CMS Remote File Include (27.05.2006)

blwood_(at)_skynet.be, Multiple XSS Vulnerabilities in Tikiwiki 1.9.x (27.05.2006)

document ajannhwt_(at)_hotmail.com, Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities (27.05.2006)

Aesthetico, [MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability (27.05.2006)

ajannhwt_(at)_hotmail.com, qjForum(member.asp) SQL Injection Vulnerability (27.05.2006)

document alp_eren_(at)_ayyildiz.org, phpjobboard Authecnical admin byPass (27.05.2006)

ajannhwt_(at)_hotmail.com, Toasts Forums 1.6.44 in Xss (27.05.2006)

ajannhwt_(at)_hotmail.com, Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities (27.05.2006)

V8f3_(at)_hotmail.com, XSS in Monster Top List | MTL 1.4 (27.05.2006)

document beford, Docebo LMS 2.05 Remote File Include (27.05.2006)

Some One, XSS in Omegasoft's Insel (27.05.2006)

beford, V-Webmail 1.6.4 Remote File Include (27.05.2006)

r0t, EVA-Web <=2.1.2 vuln. (27.05.2006)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin