Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.04.2006
Source: BUGTRAQ
SecurityVulns ID: 6063
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: DEVBB : DevBB 1.0
OPENBB : OpenBB 1.0
PHPNUKE : PHP-Nuke 7.9
MYBB : MyBB 1.1
WARFORGE : warforge.NEWS 1.0
MYSMARTBB : MySmartBB 1.1
CVE: CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)

Original document o.y.6_(at)_hotmail.com, MyBB 1.1.1 Local SQL Injections (27.04.2006)

Aliaksandr Hartsuyeu, [eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities (27.04.2006)

outlaw_(at)_aria-security.net, SQL Injection On DUportal (27.04.2006)

outlaw_(at)_aria-security.net, XXS Attack On FarsiNews (27.04.2006)

document outlaw_(at)_aria-security.net, Local XXS Attack On CuteNews (27.04.2006)

qex_(at)_bsdmail.org, Open Bulletin Board < Multiple Vulnerability (27.04.2006)

qex_(at)_bsdmail.com, DevBB <= 1.0.0 XSS (27.04.2006)

BoNy-m_(at)_hotmail.com, MySmartBB<---v 1.1.x SQL Injection/XSS (27.04.2006)

document Private Private, PHPNuke All Version EnhancedSearch Module SQL Injection Exploit {!} (27.04.2006)

yamcho_(at)_email.it, warforge.NEWS (27.04.2006)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod