Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 20.04.2006
Published: 26.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6028
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: INVISION : Invision Power Board 2.1
RECHNUNGSZENTRAL : RechnungsZentrale 2
PHPSURVEYOR : PHPSurveyor 0.995
AWSTATS : AWStats 6.5
PORTALPACK : Portal Pack 6.0
AASIMEDIA : Net Clubs Pro 4.0
GREENMINUTE : Green Minute 1.0
MDNEWS : MD News 1.0
NT : N.T. 1.1
PCPIN : PCPIN Chat 5.0
ASPSITEM : ASPSitem 1.83
WWWTHREAD : WWWThread RC 3
MANICWEB : MWGuest 2.1

Original document Marko Seppänen, Article suggestion: "wannabe security group members" doing harm to software developers (26.05.2006)

Aliaksandr Hartsuyeu, [eVuln] MWGuest XSS Vulnerability (20.04.2006)

r0t, AWStats 6.5.x multiple vuln. (20.04.2006)

SECUNIA, [SA19717] W2B Online Banking "SID" Cross-Site Scripting Vulnerability (20.04.2006)

document SECUNIA, [SA19684] I-Rater Platinum "include_path" Parameter File Inclusion Vulnerability (20.04.2006)

botan_(at)_linuxmail.org, ContentBoxx Login.php Cross-Site Scripting (20.04.2006)

o.y.6_(at)_hotmail.com, WWWThread RC 3 MultBugs (20.04.2006)

n0m3rcy_(at)_bsdmail.org, Shbablek Mail Vulnerablitiy - Cross-Site Scripting (20.04.2006)

document qex_(at)_bsdmail.org, ThWboard <= 3 Beta 2.84 SQL Injection (20.04.2006)

info_(at)_g-0.org, RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities (20.04.2006)

Mustafa Can Bjorn IPEKCI, ASPSitem <= 1.83 Remote SQL Injection Vulnerability (20.04.2006)

document Aliaksandr Hartsuyeu, [eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities (20.04.2006)

Aliaksandr Hartsuyeu, [eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities (20.04.2006)

botan_(at)_linuxmail.org, EasyGallery Cross-Site Scripting (20.04.2006)

document r0t, W2B Online Banking vuln. (20.04.2006)

r0t, Green Minute SQL inj. vuln. (20.04.2006)

r0t, Net Clubs Pro XSS vuln (20.04.2006)

r0t, Portal Pack 6 XSS vuln. (20.04.2006)

r0t, IPB <= 2.1.5 SQL inj. vuln. (20.04.2006)

Files: PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn
ASPSitem <= 1.83 Remote SQL Injection Exploit
PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin