Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.09.2006
Source:
SecurityVulns ID: 6571
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: YAPPANG : yappa-ng 2.3
E107 : e107 0.7
VTIGER : Vtiger CRM 4.2
PMWIKI : PmWiki 2.1
ANNUAIRE : Annuaire 1Two 2.2
SMF : SMF 1.1
MUFORUM : µforum 0.4
DYNCMS : Dyn CMS 6
MURATSOFT : Muratsoft Haber Portal 3.6
FLASHCHAT : FlashChat 4.5
INPORTAL : in-link 2.3
MICROFORUM : microforum 0.4
PHPNUKE : PHP-Nuke MyHeadlines 4.3
PHPIADDRESSBOOK : PHP iAddressbook 0.95
TRFORUM : Tr Forum 2.0
SIMPLEBLOG : SimpleBlog 2.3

Original document MILW0RM, SimpleBlog <= 2.3 (id) Remote SQL Injection Vulnerability (04.09.2006)

tugra_(at)_local-root.org, The Amazing Little Poll Admin Pwd (04.09.2006)

SECUNIA, [SA21653] PHP-Nuke MyHeadlines Module "myh_op" Cross-Site Scripting (04.09.2006)

SECUNIA, [SA21742] microforum "members.dat" Exposure of User Credentials (04.09.2006)

document Saudi Hackrz, in-link <=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit (04.09.2006)

SHiKaA-_(at)_hotmail.com, yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit (04.09.2006)

NeXtMaN, FlashChat <= 4.5.7 (aedating4CMS.php) Remote File Include Vulnerability (04.09.2006)

document admin_(at)_asianeagle.org, Muratsoft Haber Portal v3.6 (tr) SQL Injection Vulnerability (04.09.2006)

SECUNIA, [SA21728] vtiger CRM Script Insertion and Administrative Modules Access (04.09.2006)

SHiKaA-_(at)_hotmail.com, Dyn CMS <= REleased (x_admindir) Remote File Inclusion Exploit (04.09.2006)

document Omid, Sql injections in e107 [Admin section] (04.09.2006)

Omid, Sql injections in e107 [Admin section] (04.09.2006)

exe_crack_(at)_hotmail.com, XXS in Powered by vbzoom (04.09.2006)

Peko Takov, XSS in Web Wiz Forums (04.09.2006)

Files: muforumex.pl
Annuaire 1Two 2.2 Remote SQL Injection Exploit
PmWiki <= 2.1.19 Zend_Hash_Del_Key_Or_Index/remote commands execution exploit
Exploits Tr Forum V2.0 Admin MD5 Passwd Hash Disclosure
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server