Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.04.2006
Source:
SecurityVulns ID: 6023
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MAMBOSERVER : Mambo Server 4.6
 CUREPHP : CuteNews 1.4
 PLEXUM : PlexCart X3
 SWSOFT : Confixx 3.1
 BOARDSOLUTION : Boardsolution 1.12
 FUJU : fuju news 1.0
 PHPSURVEYOR : PHPSurveyor 0.995
 AWSTATS : AWStats 6.5
 PLEXUM : Plexum X5
 BANNERFARM : BannerFarm 2.3
 INTELLILINK : IntelliLink 5.06
 COMMUNIMAIL : CommuniMail 1.2
 VISALE : Visale 1.0
 PHPLISTER : phpLister 0.4
 INTERNETPHOTOSHO : Internet Photoshow 1.3
 PHPNETTOOLS : PHP Net Tools 2.7
 BLACKORPHEUS : Blackorpheus ClanMemberSkript 1.0
 PMTOOL : PMTool 1.2
 TOTALCALENDAR : TotalCalendar 2.0
 ACTUALSCRIPTS : ActualAnalyzer Lite 2.72
 ACTUALSCRIPTS : ActualAnalyzer Gold 7.63
 ACTUALSCRIPTS : ActualAnalyzer Server 8.23
 PHPFABER : phpFaber TopSites 1.9
 WARFORGE : warforge.NEWS 1.0
CVE: CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure.)
Original documents: SECUNIA, [SA19697] warforge.NEWS Multiple Vulnerabilities (19.04.2006)
 SECUNIA, [SA19652] phpFaber TopSites "page" Cross-Site Scripting Vulnerability (19.04.2006)
 susam.pal_(at)_gmail.com, XSS Vulnerability in Guest-book script powered by Community Architect (19.04.2006)
 Aesthetico, [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability (19.04.2006)
 SECUNIA, [SA19730] TotalCalendar "inc_dir" File Inclusion Vulnerability (19.04.2006)
 SECUNIA, [SA19654] Boardsolution "keyword" Cross-Site Scripting Vulnerability (19.04.2006)
 SECUNIA, [SA19685] PMTool "order" SQL Injection Vulnerabilities (19.04.2006)
 SECUNIA, [SA19726] Internet Photoshow "page" File Inclusion Vulnerability (19.04.2006)
 sn4k3.23_(at)_gmail.com, CuteNews 1.4.1 <= Cross Site Scripting (19.04.2006)
 Defa, [Full-disclosure] Confixx Index.PHP SQL Injection Vulnerability (Exploit - not new vuln) (19.04.2006)
 alireza hassani, [KAPDA::#41] - Mambo/Joomla rss component vulnerability (19.04.2006)
 botan_(at)_linuxmail.org, phpLister v. 0.4.1 XSS Attacking (19.04.2006)
 r0t, Visale XSS vuln. (19.04.2006)
 r0t, CommuniMail XSS vuln. (19.04.2006)
 r0t, IntelliLink Pro XSS vuln. (19.04.2006)
 r0t, BannerFarm XSS vuln. (19.04.2006)
 r0t, PlexCart X3 SQL Injection Vulnerability (19.04.2006)
 r0t, Plexum X5 SQL vuln. (19.04.2006)
 r0t, AWStats 6.5 vuln. (19.04.2006)
 omnipresent_(at)_email.it, phpsurveyor Multiple Vulnerabilities (19.04.2006)
Files: PHP Net Tools Remote Code Execution Exploit
 Internet PhotoShow Remote File Inclusion Exploit
 Exploits fuju news 1.0 remote sql injection
 Exploits Blackorpheus ClanMemberSkript 1.0 remote sql injection
 Mambo/Joomla Path Disclosure & Remote DOS Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod