Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 31.05.2006
Published:		31.05.2006
Source:
SecurityVulns ID:		6203
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPNUKE : PHP-Nuke 7.9
		OABOARD : OaBoard 1.0
		WEBCALENDAR : WebCalendar 1.0
		WBB : WBB 2.3
		4NNUKEWARE : 4nNukeWare 0.91
		PHPMYDESKTOP : phpMyDesktop|arcade 1.0
		WORDPRESS : Open Searchable Image Catalogue 0.7
		QONTENTONE : QontentOneCMS 1.0
		TOENDA : toendaCMS 0.7
		SUPPORTCARDS : Support Cards 1

Original document		black-cod3_(at)_hotmail.com, file include exploit in Support Cards v1 (31.05.2006)
		kubasx_(at)_gmail.com, toendaCMS 0.7.0 Cross Site Scripting (31.05.2006)
		luny_(at)_youfucktard.com, QontentOneCMS v1.0 (31.05.2006)
		erne_(at)_ernealizm.com, # MHG Security Team --- PHP NUKE All version Remote File Inc. (31.05.2006)
		black-cod3_(at)_hotmail.com, Xss exploit in Chipmunk directory (31.05.2006)
		enji_(at)_seclab.tuwien.ac.at, Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities (31.05.2006)
		socsam_(at)_linuxmail.org, WebCalendar-1.0.3 reading of any files (31.05.2006)
		Hessam Salehi, OaBoard 1.0 Remote File inclusion (31.05.2006)
		CrAzY.CrAcKeR_(at)_hotmail.com, WBB<--v2.3.4"misc.php" SQL injection Vulnerability (31.05.2006)
		CrAzY.CrAcKeR_(at)_hotmail.com, NorthStudio Cross Site Scripting Vulnerability (31.05.2006)
		CrAzY.CrAcKeR_(at)_hotmail.com, Bratpack Cross Site Scripting Vulnerability (31.05.2006)
		darkgod.xsf_(at)_gmail.com, phpMyDesktop|arcade 1.0 FINAL Code Execution (31.05.2006)
		CrAzY.CrAcKeR_(at)_hotmail.com, 4nNukeWare<--V 0.91 SQL Injection exploits (31.05.2006)

Files:		pppBlog <= 0.3.8 system disclosure exploit
Discuss:		Read or add your comments to this news (0 comments)