Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 28.04.2006
Source:
SecurityVulns ID: 6065
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: INVISION : Invision Power Board 2.1
 KMAIL : Kmail 2.3
 OPENWEBMAIL : Open WebMail 2.51
 NEOCROME : Land Down Under 802
 JAX : Jax Guestbook 3.41
 PHEX : Phex 2.8
 NETWORKADMINISTR : Network Administration Visualized 3.0
 TRAC : Trac Wiki 0.9
CVE: CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message.)
Original document: outlaw_(at)_aria-security.net, Cireos Portal Cross Site Scripting (28.04.2006)
 SECUNIA, [SA19870] Trac Wiki Macro Script Insertion Vulnerability (28.04.2006)
 SECUNIA, [SA19849] Network Administration Visualized SQL Injection Vulnerability (28.04.2006)
 SECUNIA, [SA19824] Phex Chat Request Handling Weakness (28.04.2006)
 SECUNIA, [SA19843] Jax Guestbook "page" Cross-Site Scripting Vulnerability (28.04.2006)
 Advisory_(at)_Aria-Security.net, Land Down Under 802 and below version Path Disclosure Vulnerability (28.04.2006)
 satanchild123_(at)_hotmail.com, SQL injection exploit IPB <= 2.1.4 (28.04.2006)
 r0t, Kmail <=2.3 vuln. (28.04.2006)
 r0t, Open WebMail <=2.51 XSS vuln. (28.04.2006)
Files: Invision Power Board 2.* commands execution exploit
 Invision Power Board 2.1.5 POC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod