Computer Security
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 02.08.2006
Source: BUGTRAQ
SecurityVulns ID: 6434
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPADSNEW : phpAdsNew 2.0
 ATUTOR : ATutor 1.5
 MYBB : MyBB 1.3
 MYNEWSGROUPS : MyNewsGroups 0.6
 NETIOUS : Netious CMS 0.4
 COPPERMINE : Coppermine Photo Gallery 1.2
 MAMBO : Mambo Gallery Manager 095
 PHPAUCTION : PHPAuction 2.1
 COMEPLAYDYING : Seir Anphin 666 Community Management System
 NEWSLETTER : NewsLetter 3.5
 NEWSREPORTER : newsReporter 1.0
 KNUSPERLEICHT : Guestbook 3.5
 KNUSPERLEICHT : FAQ Script 1.0
 SHOUTBOX : ShoutBox 4.4
 WOWROSTER : WoW Roster 1.5
 JETBOX : Jetbox CMS 2.1
 XSTATICS : X-Statics 1.20
 XSTATICS : X-Protection 1.10
 XPOLL : X-Poll 1.10
 BANEX : Banex 2.21
 INM : Content Management Framework G3
Original document: Stefan Friedli, [Full-disclosure] Content Management Framework "G3" - XSS Vulnerability in Search Function (02.08.2006)
 Eduardo Vela, [Full-disclosure] X-Statics 1.20 SQL Injection Vulnerability (02.08.2006)
 Eduardo Vela, [Full-disclosure] X-Protection 1.10 SQL Injection Vulnerability (02.08.2006)
 Eduardo Vela, [Full-disclosure] X-Poll SQL Injection Vulnerability (02.08.2006)
 Eduardo Vela, [Full-disclosure] TinyPHPForum Multiple Vulnerabilities (02.08.2006)
 Eduardo Vela, [Full-disclosure] SQLiteWebAdmin multiple Vulnerabilities (02.08.2006)
 Eduardo Vela, [Full-disclosure] Banex Multiple Vulnerabilities (02.08.2006)
 Eduardo Vela, [Full-disclosure] Ajax Chat Multiple Vulnerabilities (02.08.2006)
 SECUNIA, [Full-disclosure] Secunia Research: Jetbox Multiple Vulnerabilities (02.08.2006)
 AG Spider, WoW Roster <= 1.5.x Remote File Include (hsList.php) (02.08.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution (02.08.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 20 ] Quickie Remote Command Execution (02.08.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 19 ] FileManager Remote Command Execution (02.08.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 18 ] FAQ Script Remote Command Execution (02.08.2006)
 Cyber Lords, SQL-Injection in site@x (02.08.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution (02.08.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution (02.08.2006)
 philipp.niedziela_(at)_gmx.de, NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit (02.08.2006)
 philipp.niedziela_(at)_gmx.de, MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability (02.08.2006)
 vulnerabilities_(at)_mail.ru, SQL injection Seir Anphin v666 Community Management System (02.08.2006)
 philipp.niedziela_(at)_gmx.de, PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI (02.08.2006)
 Saudi Hackrz, com_moskool (admin.moskool.php) Remote File Include Vulnerabilities (02.08.2006)
 dr.jr7_(at)_hotmail.com, artlinks Mambo Component <= Remote Include Vulnerability (02.08.2006)
 dr.jr7_(at)_hotmail.com, mambatstaff Mambo Component <= Remote Include Vulnerability (02.08.2006)
 roozbeh afrasiabi, [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php (02.08.2006)
 A-S-T2006_(at)_hotmail.com, Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities (02.08.2006)
 newbinaryfile_(at)_gmail.com, XSS vulnerability on AWBS (02.08.2006)
 A-S-T2006_(at)_hotmail.com, Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities (02.08.2006)
 Jacek, Netious CMS <= 0.4 SQL Injection and Session Management Vulnerabilities (02.08.2006)
Files: Exploits ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure
 TinyPHPForum 3.6 Admin Maker

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod