Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:05.06.2006
Source:
SecurityVulns ID:6219
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:ADVANCEDGUESTBOO : Advanced Guestbook 2.3
 COOLFORUM : CoolForum 0.8
 DOTCLEAR : Dotclear 1.2
 DOTPROJECT : dotProject 2.0
 LIFETYPE : LifeType 1.0
 XUEBOOK : xueBook 1.0
 IBWD : iBWd Guestbook 1.0
 PIXELPOST : Pixelpost 1-5
 LOCAZOLIST : LocazoList Classifieds 1.05
 DOTWIDGET : dotWidget CMS 1.0
 DOKUWIKI : DokuWiki 2006/06/04
 OSADS : OSADS 1.3
 BLUESHOES : BlueShoes Framework 4.5
 BLUESHOES : BlueShoes Framework 4.6
Original documentdocumentSECUNIA, [SA20418] dotProject Cross-Site Scripting Vulnerability (05.06.2006)
 documentSECUNIA, [SA20438] BlueShoes Framework Multiple File Inclusion Vulnerabilities (05.06.2006)
 documentSECUNIA, [SA20441] OSADS Board Comments Script Insertion Vulnerability (05.06.2006)
 documentStefan Esser, [Full-disclosure] Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker (05.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, SMS "messages.php" SQL injection (05.06.2006)
 documenttry_og_(at)_hotmail.com, Timberland Search XSS Vulnerability (05.06.2006)
 documentAesthetico, [MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability (05.06.2006)
 documentcanberx_(at)_linuxmail.org, phpBB2 (template.php) Remote File Inclusion (05.06.2006)
 documentajannhwt_(at)_hotmail.com, LocazoList Classifieds <= v1.05e(viewmsg.asp) Remote SQL Injection Vulnerability (05.06.2006)
 documentgmdarkfig_(at)_gmail.com, Critical SQL Injection in CoolForum (05.06.2006)
 documentSpC-x, Advanced Guestbook 2.3.1 /index.PHP/ SQL Injection (05.06.2006)
 documentSpC-x, AzDGGuestbook SQL Injection Vulnerability (05.06.2006)
 documentSpC-x, LDU Portal All Version SQL Injection (05.06.2006)
 documentSpC-x, iBWd Guestbook 1.0 SQL Injection (05.06.2006)
 documentSpC-x, xueBook 1.0 Version SQL Injection (05.06.2006)
Files:Exploits DotClear <= 1.2.4 prepend.php/'blog_dc_path' arbitrary remote inclusion
 Pixelpost <= 1-5rc1-2 privilege escalation exploit
 LifeType <= 1.0.4_r3270 SQL injection / admin credentials disclosure
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru