Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.08.2006
Published: 23.08.2006
Source:
SecurityVulns ID: 6520
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: WOLTLAB : Woltlab Burning Board 2.3
JELSOFT : vBulletin 3.5
JOOMLA : Joomla x-shop 1.7
JOOMLA : Joomla Rssxt 1.0
JOOMLA : Joomla Kochsuite 0.9
JOOMLA : Joomla MamboWiki 0.9
JOOMLA : Joomla poll 1.0
MAMBO : Mambo Ako Comments 1.1
MAMBO : Mambo com_cropimage 1.0
SONIUM : Sonium Enterprise Adressbook 0.2
SOLMETRA : Spaw Editor 1.7
SOLMETRA : Spaw Editor 1.6
XENOBB : XenoBB 2.2
SPORTSPHOOL : SportsPHool 1.0
PHLYMAIL : PHlyMail Lite 3.4
LBLOG : LBlog 1.05
WEBADMIN : WebAdmin 3.25
MAMBO : MAMBO bigAPE-Backup 1.1
TUTTINOVA : Tutti Nova 1.6
DOLPHIN : Dolphin 5.2
DOIKA : Doika guestbook 2.5
CITYFORFREE : indexcity 1.0
EMPIRE : Empire CMS 3.7
DRUPAL : Drupal Easylinks 4.7
DRUPAL : Drupal E-Commerce 4.7
MAILWF : mail f/w 8.2
TIKIWIKI : tikiwiki 1.9
FANTASTICNEWS : Fantastic News 2.1
CPANEL : cPanel 10.8
ONEORZERO : OneOrZero Helpdesk 1.6
TOENDA : ToendaCMS 1.0
MAMBO : mtg_myhomepage Component For Mambo 4.5

Original document SECUNIA, [SA21543] mail f/w system Mail Header Injection Vulnerability (23.08.2006)

SECUNIA, [SA21604] Drupal E-commerce Module Script Insertion Vulnerabilities (23.08.2006)

SECUNIA, [SA21603] Drupal Easylinks Module Script Insertion and SQL Injection (23.08.2006)

SECUNIA, [SA21584] Empire CMS "check_path" File Inclusion Vulnerability (23.08.2006)

document SECUNIA, [SA21536] TikiWiki "highlight" Cross-Site Scripting Vulnerability (23.08.2006)

SECUNIA, [SA21565] indexcity SQL Injection and Script Insertion Vulnerabilities (23.08.2006)

SECUNIA, [SA21549] Doika Guestbook "page" Script Insertion Vulnerability (23.08.2006)

SECUNIA, [SA21560] Links Manager SQL Injection and Script Insertion Vulnerabilites (23.08.2006)

document SECUNIA, [SA21535] Dolphin "dir[inc]" File Inclusion Vulnerability (23.08.2006)

h4ck3riran_(at)_yahoo.com, ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include (21.08.2006)

outlaw_(at)_aria-security.net, Mambo Component - EstateAgent Remote File Inclusion (21.08.2006)

document outlaw_(at)_aria-security.net, Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln (21.08.2006)

outlaw_(at)_aria-security.net, Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln (21.08.2006)

SECUNIA, [SA21572] Tutti Nova "TNLIB_DIR" File Inclusion Vulnerabilities (21.08.2006)

document SECUNIA, [SA21571] Fantastic News "CONFIG[script_path]" File Inclusion Vulnerability (21.08.2006)

SECUNIA, [SA21574] Mambo bigAPE-Backup Component File Inclusion Vulnerability (21.08.2006)

SECUNIA, [SA21558] WebAdmin Account Manipulation and Arbitrary File Disclosure (21.08.2006)

document SECUNIA, [SA21578] phpCodeGenie "BEAUT_PATH" File Inclusion Vulnerability (21.08.2006)

SECUNIA, [SA21596] LBlog "id" SQL Injection Vulnerability (21.08.2006)

SECUNIA, [SA21582] PHlyMail Lite "_PM_[path][handler]" File Inclusion Vulnerability (21.08.2006)

SECUNIA, [SA21593] NES Game & NES System "phphtmllib" File Inclusion (21.08.2006)

document SECUNIA, [SA21594] SportsPHool "mainnav" File Inclusion Vulnerability (21.08.2006)

SECUNIA, [SA21592] cPanel Multiple Cross-Site Scripting Vulnerabilities (21.08.2006)

ZeberuS_(at)_ZeberuS.Com, WoltLab Burning Board 2.3.5(WBB) in XSS (21.08.2006)

Chironex Fleckeri, LBlog <= "comments.asp" SQL Injection Exploit (21.08.2006)

document botan_(at)_linuxmail.org, [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability (21.08.2006)

outlaw_(at)_aria-security.net, Modification For OpenSEF Remote file Inclusion (21.08.2006)

philipp.niedziela_(at)_gmx.de, Sonium Enterprise Adressbook Version 0.2 (folder) RFI (21.08.2006)

document vampire_chiristof_(at)_yahoo.com, OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS (21.08.2006)

dicomdk_(at)_gmail.com, UPDATE vBulletin Version 3.5.4 exploit (21.08.2006)

preth00nker_(at)_gmail.com, Multiple xxs cPanel 10 (21.08.2006)

outlaw_(at)_aria-security.net, mambo-phphop Product Scroller Module R.F.I (21.08.2006)

document crackers_child_(at)_sibersavascilar.com, Mambo jim Component Remote Include Vulnerability (21.08.2006)

crackers_child_(at)_sibersavascilar.com, contentpublisher Mambo Component Remote File Include Vulnerabilities (21.08.2006)

bilkopat_(at)_hotmail.com, Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability (21.08.2006)

document x0r0n_(at)_hotmail.com, Mambo com_cropimage 1.0 Component Remote Include Vulnerability (21.08.2006)

outlaw_(at)_aria-security.net, Mambo CatalogShop Remote File Inclusion (21.08.2006)

outlaw_(at)_aria-security.net, Ako Comments (mod) Remote File Inclusion (21.08.2006)

erne_(at)_ernealizm.com, Joomla RFİ ( ERNE ) (21.08.2006)

document alireza hassani, [KAPDA::#55] - Joomla poll component vulnerability (21.08.2006)

camino_(at)_sexmagnet.com, Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability (21.08.2006)

camino_(at)_sexmagnet.com, Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability (21.08.2006)

document crackers_child_(at)_sibersavascilar.com, anjel Mambo Component Remote File Include (21.08.2006)

crackers_child_(at)_sibersavascilar.com, Joomla Rssxt <= 1.0 Remote File Include Vulnerability (21.08.2006)

crackers_child_(at)_sibersavascilar.com, Joomla x-shop <= 1.7 Remote File Include Vulnerability (21.08.2006)

document outlaw_(at)_aria-security.net, mtg_myhomepage Component For Mambo R.F.I (21.08.2006)

Files: vBulletin Version 3.5.4 exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin