Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		02.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6434
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPADSNEW : phpAdsNew 2.0
		ATUTOR : ATutor 1.5
		MYBB : MyBB 1.3
		MYNEWSGROUPS : MyNewsGroups 0.6
		NETIOUS : Netious CMS 0.4
		COPPERMINE : Coppermine Photo Gallery 1.2
		MAMBO : Mambo Gallery Manager 095
		PHPAUCTION : PHPAuction 2.1
		COMEPLAYDYING : Seir Anphin 666 Community Management System
		NEWSLETTER : NewsLetter 3.5
		NEWSREPORTER : newsReporter 1.0
		KNUSPERLEICHT : Guestbook 3.5
		KNUSPERLEICHT : FAQ Script 1.0
		SHOUTBOX : ShoutBox 4.4
		WOWROSTER : WoW Roster 1.5
		JETBOX : Jetbox CMS 2.1
		XSTATICS : X-Statics 1.20
		XSTATICS : X-Protection 1.10
		XPOLL : X-Poll 1.10
		BANEX : Banex 2.21
		INM : Content Management Framework G3

Original document		Stefan Friedli, [Full-disclosure] Content Management Framework "G3" - XSS Vulnerability in Search Function (02.08.2006)
		Eduardo Vela, [Full-disclosure] X-Statics 1.20 SQL Injection Vulnerability (02.08.2006)
		Eduardo Vela, [Full-disclosure] X-Protection 1.10 SQL Injection Vulnerability (02.08.2006)
		Eduardo Vela, [Full-disclosure] X-Poll SQL Injection Vulnerability (02.08.2006)
		Eduardo Vela, [Full-disclosure] TinyPHPForum Multiple Vulnerabilities (02.08.2006)
		Eduardo Vela, [Full-disclosure] SQLiteWebAdmin multiple Vulnerabilities (02.08.2006)
		Eduardo Vela, [Full-disclosure] Banex Multiple Vulnerabilities (02.08.2006)
		Eduardo Vela, [Full-disclosure] Ajax Chat Multiple Vulnerabilities (02.08.2006)
		SECUNIA, [Full-disclosure] Secunia Research: Jetbox Multiple Vulnerabilities (02.08.2006)
		AG Spider, WoW Roster <= 1.5.x Remote File Include (hsList.php) (02.08.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution (02.08.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 20 ] Quickie Remote Command Execution (02.08.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 19 ] FileManager Remote Command Execution (02.08.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 18 ] FAQ Script Remote Command Execution (02.08.2006)
		Cyber Lords, SQL-Injection in site@x (02.08.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution (02.08.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution (02.08.2006)
		philipp.niedziela_(at)_gmx.de, NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit (02.08.2006)
		philipp.niedziela_(at)_gmx.de, MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability (02.08.2006)
		vulnerabilities_(at)_mail.ru, SQL injection Seir Anphin v666 Community Management System (02.08.2006)
		philipp.niedziela_(at)_gmx.de, PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI (02.08.2006)
		Saudi Hackrz, com_moskool (admin.moskool.php) Remote File Include Vulnerabilities (02.08.2006)
		dr.jr7_(at)_hotmail.com, artlinks Mambo Component <= Remote Include Vulnerability (02.08.2006)
		dr.jr7_(at)_hotmail.com, mambatstaff Mambo Component <= Remote Include Vulnerability (02.08.2006)
		roozbeh afrasiabi, [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php (02.08.2006)
		A-S-T2006_(at)_hotmail.com, Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities (02.08.2006)
		newbinaryfile_(at)_gmail.com, XSS vulnerability on AWBS (02.08.2006)
		A-S-T2006_(at)_hotmail.com, Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities (02.08.2006)
		Jacek, Netious CMS <= 0.4 SQL Injection and Session Management Vulnerabilities (02.08.2006)

Files:		Exploits ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure
		TinyPHPForum 3.6 Admin Maker
Discuss:		Read or add your comments to this news (0 comments)