Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:03.06.2006
Source:
SecurityVulns ID:6218
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SIMPLEMACHINES : Simple Machines Forum 1.0
 MYBLOGGIE : myBloggie 2.1
 DRUPAL : Drupal 4.6
 SMF : Simple Machines Forum 1.1
 ASHNEWS : ashnews 0.83
 DRUPAL : Drupal 4.7
 BYTEHOARD : bytehoard 2.1
 WEBLOGOGGI : Weblog Oggi 1.0
 PHPMANUALMAKER : PHP ManualMaker 1.0
 REDAXO : Redaxo CMS 2.7
 REDAXO : Redaxo CMS 3.0
 REDAXO : Redaxo CMS 3.1
 REDAXO : Redaxo CMS 3.2
 ASPWEBLINKS : aspWebLinks 2.0
 INFORMIUM : Informium 0.12
 IGLOO : Igloo 0.1
CVE:CVE-2006-7013 (** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue.)
Original documentdocumentKacper, ashnews v0.83(pathtoashnews) - Remote File Include Vulnerabilities (03.06.2006)
 documentKacper, Igloo 0.1.9 and prior [(text_wiki mod)] - Remote File Include Vulnerabilities (03.06.2006)
 documentKacper, Informium 0.12.0 - Remote File Include Vulnerabilities (03.06.2006)
 documentUwe Hermann, [DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue (03.06.2006)
 documentUwe Hermann, [DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue (03.06.2006)
 documentUwe Hermann, [DRUPAL-SA-2006-006] Drupal 4.6.7 / 4.7.1 fixes arbitrary file execution issue (03.06.2006)
 documentUwe Hermann, [DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue (03.06.2006)
 documenterne ayaz, # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit (03.06.2006)
 documentsoot hackers, Pro Publish SQL Injection and XSS Vulnerabilities (03.06.2006)
 documentwebmaster_(at)_azhteam.com, new bug (03.06.2006)
 documentajannhwt_(at)_hotmail.com, aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit (03.06.2006)
 documentbeford, Redaxo CMS <= 3.2 Remote File Include (03.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, newsfactory Cross Site Scripting & SQL injection (03.06.2006)
 documentbeford, Bytehoard 2.1 Remote File Include (03.06.2006)
 documentluny_(at)_youfucktard.com, PHP ManualMaker v1.0 (03.06.2006)
 documentluny_(at)_youfucktard.com, Weblog Oggi v1.0 (03.06.2006)
 documentJessica Hope, SMF 1.0.7 and lower plus 1.1rc2 and lower - IP spoofing vulnerability/IP ban evasion vulnerability (03.06.2006)
Files:AspWebLink 2.0 Remote Admin Pass Change Exploit
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server