Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		06.06.2006
Source:
SecurityVulns ID:		6221
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		CYBOARDS : CyBoards PHP Lite 1.25
		BOOKMARK4U : Bookmark4U 2.0
		ASHOP : A-shop 0.70
		ASPSCRIPTZ : ASPScriptz Guest Book 2.0
		RUMBLE : Rumble 1.02
		LABWIKI : LabWiki 1.0
		KMITAFAQ : Kmita FAQ 1.0
		FUNKBOARD : FunkBoard CF0.71
		NEWSENGINE : NewsEngine 1.5
		DREAMACCOUNT : DREAMACCOUNT 3.1
		DREAMCOST : HostAdmin 3.1
		DMXFORUM : Dmx Forum 2.1
		MYNEWSLETTER : myNewsletter 1.1

Original document		mac68k_(at)_gmail.com, [Kil13r-SA-20060606] ESTsoft InternetDISK Arbitary Code Execution Vulnerability (06.06.2006)
		farhad koosha, [KAPDA::#47] - myNewsletter 1.1.2 SQL_Injection (06.06.2006)
		gmdarkfig_(at)_gmail.com, Dmx Forum <= v2.1a Remote Passwords Disclosure (06.06.2006)
		Aesthetico, [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability (06.06.2006)
		Aesthetico, [MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability (06.06.2006)
		ajannhwt_(at)_hotmail.com, ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability (06.06.2006)
		luny_(at)_youfucktard.com, Kmita FAQ v1.0 (06.06.2006)
		luny_(at)_youfucktard.com, LabWiki v1.0 (06.06.2006)
		SpC-x, CyBoards PHP Lite v1.25 (common.PHP) Remote File Inclusion (06.06.2006)
		erne_(at)_ernealizm.com, # MHG Security Team ---Rumble 1.02 version Remote File Inc. (06.06.2006)
		omnipresent_(at)_email.it, ASPScriptz Guest Book 2.0 Remote XSS (06.06.2006)
		selfar2002_(at)_hotmail.com, Bookmark4U Remote File Include (06.06.2006)
		omnipresent_(at)_email.it, XSS bug in ASPscriptz.com guestbook (06.06.2006)
		Brother Hood, A-shop v0.70 SQL INECTION (06.06.2006)

Files:		Dmx Forum <= v2.1a SQL Injection Exploit
Discuss:		Read or add your comments to this news (0 comments)