Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:25.06.2006
Source:
SecurityVulns ID:6295
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WAGORA : W-Agora 4.2
 COPPERMINE : Coppermine Photo Gallery 1.4
 WBB : WBB 2.3
 MYBB : MyBB 1.1
 DREAMACCOUNT : DREAMACCOUNT 3.1
 QATRAQ : QaTraq 6.5
 AEDATING : aeDating 4.1
 DATETOPIA : Dating Agent PRO 4.7
 NETSOFT : SmartNet 2.0
 ECBD : Custom dating biz@ dating script 1.0
 WBB : WBB 1.2
 PHPBLUEDRAGON : PHPBlueDragon 2.9
 NAMO : Namo DeepSearch 4.5
 SOFTBIZSCRIPTS : Softbiz Dating 1.0
CVE:CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076.)
Original documentdocumentKARKOR23_(at)_hotmail.com, DREAMACCOUNT V3.1 Remote Command Execution Exploit (25.06.2006)
 documentsecurityconnection_(at)_gmail.com, Softbiz Dating 1.0 SQL injection (25.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, WBB<<---v2.0 RC2 "newthread.php" SQL Injection (25.06.2006)
 documentmac68k_(at)_gmail.com, [Kil13r-SA-20060622-2] Namo DeepSearch 4.5 Cross-Site Scripting Vulnerability (25.06.2006)
 documentrozowa.landrynka_(at)_spam.nation.pl, phpBlueDragon CMS 2.9.1 multiple remote file inclusion vuln (25.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, WBB<<---v2.3.1"report.php" SQL Injection (25.06.2006)
 documentdedi dwianto, [ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion (25.06.2006)
 documentSilitix, Calendar ( Provided by Codewalkers ) - SQL Injection (25.06.2006)
 documentCrAzY.CrAcKeR_(at)_hotmail.com, WBB<<---v1.2 "showmods.php" SQL Injection (25.06.2006)
 documentimei, [KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access (25.06.2006)
 documentluny_(at)_youfucktard.com, Dating biz@ dating script v1.0 - XSS (25.06.2006)
 documentsoltan_defacer_(at)_yahoo.com, productcart soltan_defacer (25.06.2006)
 documentmac68k_(at)_gmail.com, [Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability (25.06.2006)
 documentsecurityconnection_(at)_gmail.com, Dating Agent PRO 4.7.1 Vulnerability (25.06.2006)
 documentsecurityconnection_(at)_gmail.com, aeDating 4.1 XSS (25.06.2006)
 documentimei, [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables (25.06.2006)
 documentenji_(at)_seclab.tuwien.ac.at, QaTraq 6.5 RC: Multiple XSS Vulnerabilities (25.06.2006)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server