Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:21.06.2006
Source:
SecurityVulns ID:6276
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:E107 : e107 0.7
 JELSOFT : vBulletin 3.5
 VBZOOM : VBZooM 1.11
 MPCS : MPCS 0.2
 VBZOOM : VBZooM 1.00
 SAPHPLESSON : SaphpLesson 1.1
 SGAL : singapore gallery 0.10
 DKSCRIPT : Dragons Kingdom Script 1.0
 RIG : Ralf Image Gallery 0.7
CVE:CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.)
Original documentdocumentCrAzY.CrAcKeR_(at)_hotmail.com, RahnemaCo "page.php" Remote File Inclusion[2] (21.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, Module's Name Content<<--V1.0 SQL injection (21.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, Module's Name Downloads <<--V 7 SQL injection (21.06.2006)
 documentAesthetico, [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities (21.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, vBulletin<<--v3.5.X "member.php" Cross Site Scripting (21.06.2006)
 documentalijsb_(at)_yahoo.com, qtofilemanager xss attack ! (21.06.2006)
 documentluny_(at)_youfucktard.com, V3Chat Instant Messenger - XSS (21.06.2006)
 documentluny_(at)_youfucktard.com, Dragons Kingdom v1.0 - XSS & cookie disclosure (21.06.2006)
 documententrika_fs_(at)_yahoo.com, WeBBoA Hosting Script SQL Injection (21.06.2006)
 documentsimo64_(at)_gmail.com, singapore gallery <= 0.10.0 Multiple Vulnerabilities (21.06.2006)
 documentalijsb_(at)_yahoo.com, onedotoh xss atack (21.06.2006)
 documentFixer, XSS Vulnerability in Maximus SchoolMAX (21.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, SaphpLesson<<--1.1 "misc.php" SQL injection (21.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<--V1.00 "lng.php" SQL injection (21.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<--V1.11 "message.php" SQL injection (21.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, VBZooM <<--V1.00 "rank.php" SQL injection (21.06.2006)
 documentsecurityconnection_(at)_gmail.com, e107 v0.7.5 XSS (21.06.2006)
 documentluny_(at)_youfucktard.com, MPCS v0.2 - XSS (21.06.2006)
Files:Exploits Schoolmax Maximus iCue and iParent XSS
 Exploits vuBB <= 0.2.1 [BFA] SQL Injection, XSS, CRLF Injection, Full Path Disclosure
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server