Computer Security
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:6276
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: E107 : e107 0.7
 JELSOFT : vBulletin 3.5
 VBZOOM : VBZooM 1.11
 MPCS : MPCS 0.2
 VBZOOM : VBZooM 1.00
 SAPHPLESSON : SaphpLesson 1.1
 SGAL : singapore gallery 0.10
 DKSCRIPT : Dragons Kingdom Script 1.0
 RIG : Ralf Image Gallery 0.7
CVE: CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.)
Original document: CrAzY.CrAcKeR_(at), RahnemaCo "page.php" Remote File Inclusion[2] (21.06.2006)
 CrAzY.CrAcKeR_(at), Module's Name Content<<--V1.0 SQL injection (21.06.2006)
 CrAzY.CrAcKeR_(at), Module's Name Downloads <<--V 7 SQL injection (21.06.2006)
 Aesthetico, [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities (21.06.2006)
 CrAzY.CrAcKeR_(at), vBulletin<<--v3.5.X "member.php" Cross Site Scripting (21.06.2006)
 alijsb_(at), qtofilemanager xss attack ! (21.06.2006)
 luny_(at), V3Chat Instant Messenger - XSS (21.06.2006)
 luny_(at), Dragons Kingdom v1.0 - XSS & cookie disclosure (21.06.2006)
 entrika_fs_(at), WeBBoA Hosting Script SQL Injection (21.06.2006)
 simo64_(at), singapore gallery <= 0.10.0 Multiple Vulnerabilities (21.06.2006)
 alijsb_(at), onedotoh xss atack (21.06.2006)
 Fixer, XSS Vulnerability in Maximus SchoolMAX (21.06.2006)
 CrAzY.CrAcKeR_(at), SaphpLesson<<--1.1 "misc.php" SQL injection (21.06.2006)
 CrAzY.CrAcKeR_(at), VBZooM <<--V1.00 "lng.php" SQL injection (21.06.2006)
 CrAzY.CrAcKeR_(at), VBZooM <<--V1.11 "message.php" SQL injection (21.06.2006)
 CrAzY.CrAcKeR_(at), VBZooM <<--V1.00 "rank.php" SQL injection (21.06.2006)
 securityconnection_(at), e107 v0.7.5 XSS (21.06.2006)
 luny_(at), MPCS v0.2 - XSS (21.06.2006)
Files: Exploits Schoolmax Maximus iCue and iParent XSS
 Exploits vuBB <= 0.2.1 [BFA] SQL Injection, XSS, CRLF Injection, Full Path Disclosure

