Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		28.04.2006
Source:
SecurityVulns ID:		6065
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		INVISION : Invision Power Board 2.1
		KMAIL : Kmail 2.3
		OPENWEBMAIL : Open WebMail 2.51
		NEOCROME : Land Down Under 802
		JAX : Jax Guestbook 3.41
		PHEX : Phex 2.8
		NETWORKADMINISTR : Network Administration Visualized 3.0
		TRAC : Trac Wiki 0.9
CVE:		CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message.)

Original document		outlaw_(at)_aria-security.net, Cireos Portal Cross Site Scripting (28.04.2006)
		SECUNIA, [SA19870] Trac Wiki Macro Script Insertion Vulnerability (28.04.2006)
		SECUNIA, [SA19849] Network Administration Visualized SQL Injection Vulnerability (28.04.2006)
		SECUNIA, [SA19824] Phex Chat Request Handling Weakness (28.04.2006)
		SECUNIA, [SA19843] Jax Guestbook "page" Cross-Site Scripting Vulnerability (28.04.2006)
		Advisory_(at)_Aria-Security.net, Land Down Under 802 and below version Path Disclosure Vulnerability (28.04.2006)
		satanchild123_(at)_hotmail.com, SQL injection exploit IPB <= 2.1.4 (28.04.2006)
		r0t, Kmail <=2.3 vuln. (28.04.2006)
		r0t, Open WebMail <=2.51 XSS vuln. (28.04.2006)

Files:		Invision Power Board 2.* commands execution exploit
		Invision Power Board 2.1.5 POC
Discuss:		Read or add your comments to this news (0 comments)