Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		04.07.2006
Source:
SecurityVulns ID:		6334
Type:		remote
Threat Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		INVISION : Invision Power Board 1.3
		INVISION : Invision Power Board 2.1
		WORDPRESS : WordPress 2.0
		PLUMECMS : Plume CMS 1.0
		GLOSSAIRE : Glossaire 1.7
		JMBSOFT : AutoRank Pro 5.01
		JMBSOFT : AutoRank PHP 3.02
		FREEQBOARD : Free QBoard v1.1
		PERLFORUMS : Pearl Forums 2.4
		PEARLFORUMS : Ngoc Biec 1.4
		PEARLFORUMS : Pearl For Biz 2.4
		PEARLFORUMS : Pearl For Mambo 1.6
		QTOFILEMANAGER : QTOFileManager 1.0
		MP3NETBOX : Mp3netbox Beta 1
		EFONE : efone 20000723
		KAMIKAZEQSCM : Kamikaze-QSCM 0.1
		BBNEWS : Blueboy 1.0.3
		FOROS : Foros 1.0
		TBE : The Banner Engine 4.0
		WEPPOS : ASP Stats Generator 2.1
		MKPORTAL : MKPortal 1.0
		VINCENT : LECLERCQ News 5.5
		GALLERIA : galleria 1.0

Original document		ineal_(at)_gmail.com, galleria <= 1.0 Remote File Inclusion Vulnerability (04.07.2006)
		SECUNIA, [SA20936] Vincent LECLERCQ News Cross-Site Scripting and SQL Injection (04.07.2006)
		SECUNIA, [SA20901] FineShop Cross-Site Scripting and SQL Injection (04.07.2006)
		SECUNIA, [SA20884] MKPortal "ind" Local File Inclusion Vulnerability (04.07.2006)
		SECUNIA, [SA20930] Invision Power Board Cross-Site Scripting and Security Bypass (04.07.2006)
		SECURITEAM, [NT] ASP Stats Generator Multiple Vulnerabilities (SQL Injection, Code Execution) (04.07.2006)
		Marc Ruef, [Full-disclosure] [scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection (04.07.2006)
		securityconnection_(at)_gmail.com, TBE 4.0 XSS (04.07.2006)
		gmdarkfig_(at)_gmail.com, 5 php scripts remote database password disclosure (04.07.2006)
		Breeeeh_(at)_hotmail.com, Invision Power Board v1.3 Final SQL Injection (04.07.2006)
		securityconnection_(at)_gmail.com, QTOFileManager 1.0 (04.07.2006)
		BoNy-m_(at)_hotmail.com, popup Vacation Rentals[calendar_year.php] SQL Injection (04.07.2006)
		xzerox_(at)_linuxmail.org, Pearl Products Multiple Remote File Inclusion (04.07.2006)
		KARKOR23_(at)_hotmail.com, free QBoard v1.1 Multiple Remote File include (04.07.2006)
		KARKOR23_(at)_hotmail.com, plume-cms v1.0.4 Multiple Remote File include (04.07.2006)
		Aesthetico, WordPress 2.0.3 SQL Error and Full Path Disclosure (04.07.2006)
		Aesthetico, [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure (04.07.2006)
		CrAzY.CrAcKeR_(at)_hotmail.com, Glossaire<<--v1.7 Remote File Include (04.07.2006)
		zeberus__(at)_hotmail.com, Php-Fusion (Xss) With Avatar Upload (04.07.2006)