Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 15.06.2006
Source:
SecurityVulns ID: 6262
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: VBZOOM : VBZooM 1.01
TIKIWIKI : tikiwiki 1.9
VBZOOM : VBZooM 1.11
PHPBANNEREXCHANG : phpBannerExchange 2.0
BLUR6EX : blur6ex 0.3
DELUXEBB : DeluxeBB 1.06
CMSMUNDO : CMS Mundo 1.0
VBZOOM : VBZooM 1.02
35MMSLIDEGALLERY : 35mmslidegallery 6
PHPMESSENGER : PHP MESSENGER 1.0
SHOUTBOX : Shoutbox 1.5
LTWCALENDAR : Ltwcalendar 4.1
LTWCALENDAR : Jobline 1.1
WEBCMS : Web-CMS 1.0
PHPASKIT : PHPAskIt 2.0
PHPMYFACTURES : PhpMyFactures 1.0
MCGUESTBOOK : mcGuestbook 1.3
CHIPMAILER : Chipmailer 1.09
GSHOUT : G Shout 1.3
SHOUTPRO : Shoutpro 1.0
SIMPLESHOUT : Simpleshout 1.6
WBB : wbb 2.2
PHPBLUEDRAGON : Php Blue Dragon CMS 2.9
ISPCONFIG : ISPConfig 2.2
ANDYSCHAT : Andys Chat 4.5
CVE: CVE-2006-7015 (** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests.)
CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.)

Original document SpC-x, Andys Chat 4.5 (action) Remote File Inclusion (15.06.2006)

RedTeam Pentesting, [Full-disclosure] Advisory: Authentication bypass in phpBannerExchange (15.06.2006)

RedTeam Pentesting, [Full-disclosure] Advisory: Unauthorized password recovery in phpBannerExchange (15.06.2006)

document SECUNIA, Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities (15.06.2006)

SECUNIA, Secunia Research: CMS Mundo SQL Injection and File Upload Vulnerabilities (15.06.2006)

Federico Fazzi, [FSA016] ISPConfig 2.2.3, File inclusion vulnerability (15.06.2006)

document Federico Fazzi, PhpBlueDragon CMS 2.9.1, File inclusion vulnerability (15.06.2006)

SpC-x, Fusion Polls (xtrphome) Remote File Inclusion (15.06.2006)

SpC-x, Flipper Poll (root_path) Remote File Inclusion (15.06.2006)

CrAzY.CrAcKeR_(at)_hotmail.com, wbb<<--v 2.1.6 "profile.php" SQL injection (15.06.2006)

document CrAzY.CrAcKeR_(at)_hotmail.com, wbb<<--v 2.2.1 "studienplatztausch.php" SQL injection (15.06.2006)

CrAzY.CrAcKeR_(at)_hotmail.com, wbb<<--v 2.2.2 "thread.php" SQL injection (15.06.2006)

SpC-x, bbrss PhpBB (phpbb_root_path) Remote File Inclusion (15.06.2006)

alp_eren_(at)_ayyildiz.org, Freeze Greetings Cards PWD.txt (15.06.2006)

document SpC-x, Simpleshout 1.6.0 Version - Remote File Include Vulnerability (15.06.2006)

SpC-x, Shoutpro 1.0 Version - Remote File Include Vulnerability (15.06.2006)

SpC-x, G Shout 1.3.1 Version - Remote File Include Vulnerability (15.06.2006)

Aesthetico, [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities (15.06.2006)

document tamriel_(at)_gmx.net, Chipmailer <= 1.09 Multiple Vulnerabilities (15.06.2006)

gamr-14_(at)_hotmail.com, file include exploits in mcGuestbook 1.3 (15.06.2006)

CrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<-- V1.11 "show.php" SQL injection (15.06.2006)

gmdarkfig_(at)_gmail.com, PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others (15.06.2006)

document bug_(at)_securitynews.ir, TikiWiki Sql injection & XSS Vulnerabilities (15.06.2006)

erne_(at)_ernealizm.com, # MHG Security Team --- PHPAskIt v2.0.1 Remote File Inc. (15.06.2006)

CrAzY.CrAcKeR_(at)_hotmail.com, Web-CMS <<--1.0 "print.php" SQL injection (15.06.2006)

SpC-x, S H O U T B O X (v1.5) Version - Remote File Include Vulnerability (15.06.2006)

document SpC-x, Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities (15.06.2006)

SpC-x, Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities (15.06.2006)

SpC-x, Jobline 1 1 1 Version - Remote File Include Vulnerability (15.06.2006)

SpC-x, PHP MESSENGER 1.0 Version - Remote File Include Vulnerability (15.06.2006)

document black-cod3_(at)_hotmail.com, multiple Xss exploits in 35mmslidegallery V6 (15.06.2006)

SpC-x, Simpnews <= All version - Remote File Include Vulnerabilities (15.06.2006)

CrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<--V1.01 "language.php" SQL injection (15.06.2006)

CrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<--V1.11 "subject.php" SQL injection (15.06.2006)

document CrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<--V1.02 "meaning.php" SQL injection (15.06.2006)

Files: Exploits blur6ex <= 0.3.462 'ID' blind SQL injection / admin credentials disclosure
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server