Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:10.06.2006
Source:
SecurityVulns ID:6241
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:DOCEBO : Docebo CMS 3.0
 OKSCRIPTS : OkMall 1.0
 IFOTO : iFoto 0.20
 PHAZIZGUESTBOOK : phazizGuestbook 2.0
 DOCEBO : Docebo Core 3.0
 DOCEBO : Docebo Kms 3.0
 DOCEBO : Docebo Lms 3.0
 MOBESCRIPTS : MobeSpace 2.0
 TINYMUW : TinyMuw 1.0
 SITETRADE : ST AdManager Lite 1
 ASPLISTPICS : ASPListpics 4.0
CVE:CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577.)
Original documentdocumentmorning_wood, [Full-disclosure] ASPListPics (10.06.2006)
 documentmac68k_(at)_gmail.com, [Kil13r-SA-20060609-3] DreamWiz Search Cross-Site Scripting Vulnerability (10.06.2006)
 documentmac68k_(at)_gmail.com, [Kil13r-SA-20060609-2] DaNaWa Search Cross-Site Scripting Vulnerability (10.06.2006)
 documentmac68k_(at)_gmail.com, [Kil13r-SA-20060609-1] Daum Search Cross-Site Scripting Vulnerability (10.06.2006)
 documentluny_(at)_youfucktard.com, ST AdManager Lite v1 (10.06.2006)
 documentluny_(at)_youfucktard.com, P.A.I.D v2.2 (10.06.2006)
 documentBuNy-m_(at)_hotmail.com, PHP-Nuke Download Module Remote SQL Injection (10.06.2006)
 documentluny_(at)_youfucktard.com, TinyMuw v1.0 - XSS (10.06.2006)
 documentluny_(at)_youfucktard.com, mole.com.ua Ticket Booking Script - XSS (10.06.2006)
 documentluny_(at)_youfucktard.com, mole.com.ua Booking Script (10.06.2006)
 documentluny_(at)_youfucktard.com, MobeSpace v2.0 - XSS (10.06.2006)
 documentFederico Fazzi, Docebo Kms 3.0.3, Remote command execution (10.06.2006)
 documentFederico Fazzi, Docebo Lms 3.0.3, Remote command execution (10.06.2006)
 documentFederico Fazzi, Docebo Core 3.0.3, Remote command execution (10.06.2006)
 documentFederico Fazzi, Docebo CMS 3.0.3, Remote command execution (10.06.2006)
 documentluny_(at)_youfucktard.com, phazizGuestbook v2.0 - XSS (10.06.2006)
 documentluny_(at)_youfucktard.com, iFoto v0.20-06/06/06 (10.06.2006)
 documentluny_(at)_youfucktard.com, okscripts.com - XSS Vulns (10.06.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod