| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: |  | 31.08.2006 |
| Source: |  | |
| SecurityVulns ID: |  | 6559 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | OSCOMMERCE : osCommerce 2.2 |
| |  | EZCONTENTS : ezContents 2.0 |
| |  | IWEBNEGAR : IwebNegar 1.1 |
| |  | EXBB : ExBB 1.9 |
| |  | PHPATM : phpAtm 1.21 |
| |  | NUKEDKLAN : Nuked-Klan 1.7 |
| |  | CUBECART : CubeCart 3.0 |
| |  | MYBB : MyBB 1.1 |
| |  | HLSTATS : HLStats 1.34 |
| |  | ZTML : Ztml 1.0 |
| |  | YACS : YACS CMS 6.6 |
| |  | PHEAP : Pheap CMS 1.1 |
| |  | DMO : dmo 2.3 |
| CVE: |  | CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.) |
| Original document |  | erdc_(at)_echo.or.id, [ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion (31.08.2006) |
| |  | SECUNIA, [SA21659] CubeCart Multiple Vulnerabilities (31.08.2006) |
| |  | MILW0RM, phpAtm <= 1.21 (include_location) Remote File Include Vulnerabilities (31.08.2006) |
| |  | MILW0RM, YACS CMS <= 6.6.1 context[path_to_root] Remote File Include Vuln (31.08.2006) |
| |  | Chris Travers, SQL-Ledger serious security vulnerability and workaround (31.08.2006) |
| |  | Hessam Salehi, Ezportal/Ztml v1.0 Multiple vulnerabilities (31.08.2006) |
| |  | Hessam Salehi, IwebNegar v1.1 Multiple vulnerabilities (31.08.2006) |
| |  | blwood_(at)_skynet.be, Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed (31.08.2006) |
| |  | MC Iglo, XSS in HLstats 1.34 (31.08.2006) |
| |  | farhad koosha, [KAPDA::#56] - FREEKOT SQL Injection Vulnerability (31.08.2006) |
| |  | gmdarkfig_(at)_gmail.com, ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS (31.08.2006) |
| |  | Jonathan Rockway, feedsplitter considered harmful (31.08.2006) |
| |  | imei, [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack (31.08.2006) |
| |  | imei, [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack (31.08.2006) |