Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.09.2006
Source:
SecurityVulns ID: 6627
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: ARTMEDIC : Artmedic Links 5.0
MOODLE : Moodle 1.6
MYBB : MyBB 1.2
TECHNODREAMS : Techno Dreams FAQ Manager 1.0
TECHNODREAMS : Techno Dreams Articles&Papers 2.0
ECARDPRO : ECardPro 2.0
PLUMECMS : Plume CMS 1.1
HITWEB : HitWeb 3.0
CHARON : Charon Cart 3
QUADCOMM : Q-Shop 3.5
ESHIPPINGPRO : EShoppingPro 1.0
PHOTOPOST : PhotoPost PHP 4.6
CVE: CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.)
CVE-2006-7021 (PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.)

Original document ali_(at)_hackerz.ir, BizDirectory all version xss (19.09.2006)

AG- Spider, PhotoPost PHP 4.6 - 4.5 [PP_PATH] >> Remote File Include Vulnerability (19.09.2006)

Omid, Sql injection in Moodle (19.09.2006)

HACKERS PAL, MyBB 1.2 Full path and Cross site scripting vulnerabilities (19.09.2006)

document ajannhwt_(at)_hotmail.com, Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability (19.09.2006)

ajannhwt_(at)_hotmail.com, EShoppingPro v1.0(search_run.asp) Remote SQL Injection Vulnerability (19.09.2006)

ajannhwt_(at)_hotmail.com, Charon Cart v3(Review.asp) Remote SQL Injection Vulnerability (19.09.2006)

document erne_(at)_ernealizm.com, HitWeb v3.0 - Remote File Include Vulnerabilities (19.09.2006)

D3nGeR_(at)_Gmail.CoM, Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability (19.09.2006)

HACKERS PAL, PHP-Post Multiple Input Validation Vulnerabilities (19.09.2006)

simo64_(at)_morx.org, PHPQuiz Multiple Remote Vulnerabilites (19.09.2006)

document ali_(at)_hackerz.ir, NixieAffiliate all version bypass admin and xss (19.09.2006)

ajannhwt_(at)_hotmail.com, ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability (19.09.2006)

ajannhwt_(at)_hotmail.com, Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection Vulnerability (19.09.2006)

document ajannhwt_(at)_hotmail.com, Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability (19.09.2006)

azzcoder_(at)_hotmail.com, AzzCoder => PNphpBB (Latest) Remote File Include (19.09.2006)

botan_(at)_linuxmail.org, [Kurdish Security # 27] Artmedic Links Script Remote File Include Vulnerability (19.09.2006)

document meto5757_(at)_hotmail.com, eSyndiCat Portal System XSS Vuln. (19.09.2006)

Files: PHP-post remote sql injection make phpshell
PHPQuiz v.1.2 Remote SQL injection/Code Execution Exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server