Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.07.2006
Source:
SecurityVulns ID: 6334
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: INVISION : Invision Power Board 1.3
INVISION : Invision Power Board 2.1
WORDPRESS : WordPress 2.0
PLUMECMS : Plume CMS 1.0
GLOSSAIRE : Glossaire 1.7
JMBSOFT : AutoRank Pro 5.01
JMBSOFT : AutoRank PHP 3.02
FREEQBOARD : Free QBoard v1.1
PERLFORUMS : Pearl Forums 2.4
PEARLFORUMS : Ngoc Biec 1.4
PEARLFORUMS : Pearl For Biz 2.4
PEARLFORUMS : Pearl For Mambo 1.6
QTOFILEMANAGER : QTOFileManager 1.0
MP3NETBOX : Mp3netbox Beta 1
EFONE : efone 20000723
KAMIKAZEQSCM : Kamikaze-QSCM 0.1
BBNEWS : Blueboy 1.0.3
FOROS : Foros 1.0
TBE : The Banner Engine 4.0
WEPPOS : ASP Stats Generator 2.1
MKPORTAL : MKPortal 1.0
VINCENT : LECLERCQ News 5.5
GALLERIA : galleria 1.0

Original document ineal_(at)_gmail.com, galleria <= 1.0 Remote File Inclusion Vulnerability (04.07.2006)

SECUNIA, [SA20936] Vincent LECLERCQ News Cross-Site Scripting and SQL Injection (04.07.2006)

SECUNIA, [SA20901] FineShop Cross-Site Scripting and SQL Injection (04.07.2006)

SECUNIA, [SA20884] MKPortal "ind" Local File Inclusion Vulnerability (04.07.2006)

document SECUNIA, [SA20930] Invision Power Board Cross-Site Scripting and Security Bypass (04.07.2006)

SECURITEAM, [NT] ASP Stats Generator Multiple Vulnerabilities (SQL Injection, Code Execution) (04.07.2006)

Marc Ruef, [Full-disclosure] [scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection (04.07.2006)

document securityconnection_(at)_gmail.com, TBE 4.0 XSS (04.07.2006)

gmdarkfig_(at)_gmail.com, 5 php scripts remote database password disclosure (04.07.2006)

Breeeeh_(at)_hotmail.com, Invision Power Board v1.3 Final SQL Injection (04.07.2006)

securityconnection_(at)_gmail.com, QTOFileManager 1.0 (04.07.2006)

document BoNy-m_(at)_hotmail.com, popup Vacation Rentals[calendar_year.php] SQL Injection (04.07.2006)

xzerox_(at)_linuxmail.org, Pearl Products Multiple Remote File Inclusion (04.07.2006)

KARKOR23_(at)_hotmail.com, free QBoard v1.1 Multiple Remote File include (04.07.2006)

KARKOR23_(at)_hotmail.com, plume-cms v1.0.4 Multiple Remote File include (04.07.2006)

document Aesthetico, WordPress 2.0.3 SQL Error and Full Path Disclosure (04.07.2006)

Aesthetico, [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure (04.07.2006)

CrAzY.CrAcKeR_(at)_hotmail.com, Glossaire<<--v1.7 Remote File Include (04.07.2006)

zeberus__(at)_hotmail.com, Php-Fusion (Xss) With Avatar Upload (04.07.2006)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server