Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 28.08.2006
SecurityVulns ID: 6549
Type: remote
Threat Level: 5/10
Description: PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: XOOPS : xoops 2.0
 CUTEPHP : CuteNews 1.3
 YAPIG : YaPiG 0.95
 JUPITERPORTAL : Jupiter Cms 1.1
 ASSAULTCMS : Assault Content Manager 1.2
 MAMBO : Mambo 4.6
 JOOMLA : Joomla 1.0
 BIGACE : Bigace 1.8
 JOOMLA : Joomla com_comprofiler 1.0
 EFICTION : eFiction <2.0
 CYBOZU : Cybozu Office 6.5
 CYBOZU : Cybozu Share 360 2.5
 CYBOZU : Cybozu Garoon 21
 FOTOPHOLDER : Fotopholder 2.5
CVE: CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.)
 CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.)
 CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.)
 CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.)
 CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.)
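Several of the CVEs above share one root cause: a numeric request parameter (catid, id, lid) is concatenated into the query text. The following is an added illustration of that pattern and its fix; it is hypothetical code written for this summary, not code from Joomla, Xoops, Mambo or any advisory listed here. It assumes PHP with the pdo_sqlite extension and uses a constructed in-memory table so it runs offline.

```php
<?php
// Added illustration of integer-parameter SQL injection (hypothetical code,
// not from any product listed on this page). Requires the pdo_sqlite extension.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: two published links and one unpublished link.
$db->exec('CREATE TABLE weblinks (id INTEGER PRIMARY KEY, catid INTEGER, url TEXT, published INTEGER)');
$db->exec("INSERT INTO weblinks VALUES (1, 10, 'http://example.org/a', 1)");
$db->exec("INSERT INTO weblinks VALUES (2, 20, 'http://example.org/b', 1)");
$db->exec("INSERT INTO weblinks VALUES (3, 20, 'http://example.org/hidden', 0)");

// Vulnerable pattern: the raw request value becomes part of the SQL text,
// so "10 OR 1=1" turns the WHERE clause into a tautology that also drops
// the published=1 restriction (AND binds tighter than OR).
function linksForCategoryVulnerable(PDO $db, string $catid): array
{
    $sql = "SELECT id, url FROM weblinks WHERE published = 1 AND catid = $catid";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the parameter is an id, so cast it to int and bind it
// as a typed placeholder; the query text never contains attacker input.
function linksForCategoryHardened(PDO $db, string $catid): array
{
    $stmt = $db->prepare('SELECT id, url FROM weblinks WHERE published = 1 AND catid = :catid');
    $stmt->bindValue(':catid', (int) $catid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values: a legitimate category id and a tautology payload
// of the kind an attacker would send in ?catid=...
$normal  = '10';
$payload = '10 OR 1=1';

foreach (['vulnerable/normal'  => linksForCategoryVulnerable($db, $normal),
          'vulnerable/payload' => linksForCategoryVulnerable($db, $payload),
          'hardened/payload'   => linksForCategoryHardened($db, $payload)] as $label => $rows) {
    printf("%-19s -> %d row(s): %s\n", $label, count($rows), implode(', ', array_column($rows, 'url')));
}
```

Run it with `php` on the command line: the vulnerable function returns only the category's published link for the normal value, but returns every row, including the unpublished one, for the payload; the hardened function returns the single category-10 row for the same payload because `(int) '10 OR 1=1'` is `10` and the value is bound rather than interpolated. The same cast-and-bind discipline applies to every id-style parameter named in the CVE entries above.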
Original documents:
 SECUNIA, [SA21648] Fotopholder "path" Cross-Site Scripting Vulnerability (28.08.2006)
 TAN Chew Keong, [Full-disclosure] [vuln.sg] Cybozu Garoon 2 SQL Injection Vulnerabilities (28.08.2006)
 TAN Chew Keong, [Full-disclosure] [vuln.sg] Cybozu Products Arbitrary File Retrieval Vulnerability (28.08.2006)
 MILW0RM, eFiction < 2.0.7 Remote Admin Authentication Bypass Vulnerability (28.08.2006)
 matdhule_(at)_gmail.com, Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities (28.08.2006)
 D3nGeR_(at)_Gmail.CoM, Jetbox CMS search_function.php Remote File Include (28.08.2006)
 D3nGeR_(at)_Gmail.CoM, Jupiter CMS 1.1.5 index.php Remote File Include (28.08.2006)
 Omid, SQL injection in Xoops (28.08.2006)
 night_warrior-_(at)_hotmail.com, AlstraSoft Video Share Enterprise Remote File Include Vulnerability (28.08.2006)
 vampire_chiristof_(at)_yahoo.com, Bigace 1.8.2 (GLOBALS) Remote File Inclusion (28.08.2006)
 Redworm_(at)_MaiL.Com, MyBB HTML Injection (XSS) (28.08.2006)
 Omid, SQL injection in Mambo & Joomla (28.08.2006)
 stormhacker_(at)_hotmail.com, CuteNews 1.3.* Remote File Include Vulnerability (28.08.2006)
 Kuon_(at)_Armorize.com, YaPiG thanks_comment.php Cross-Site Scripting Vulnerability (28.08.2006)
 matrix_killer ma3x, Assault Content Manager v.1.2 Directory Traversal Vulnerability (28.08.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod