Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		27.09.2006
Source:		BUGTRAQ
SecurityVulns ID:		6654
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		VBULLETIN : Vbulletin 2.3
		PHPMYCHAT : phpMyChat 0.14
		QB : QuickBlogger 1.4
		VTIGER : Vtiger CRM 5
		WEBNEWS : webnews 1.4
		JAF : JAF CMS 4.0
		PHPINVOICE : PHP Invoice 2.2
		PHPMYCHAT : phpMyChat 0.1
		BACKEND : Back-end 0.4
		PHPNEWS : php_news 2.0
		DANPHPSUPPORT : DanPHPSupport 0.5

Original document		h4ck3riran_(at)_yahoo.com, WebspotBlogging => 3.0 Remote File Include Vulnerabilities (27.09.2006)
		h4ck3riran_(at)_yahoo.com, DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities (27.09.2006)
		h4ck3riran_(at)_yahoo.com, QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities (27.09.2006)
		h4ck3riran_(at)_yahoo.com, php_news => 2.0 Remote File Include Vulnerabilities (27.09.2006)
		h4ck3riran_(at)_yahoo.com, Back-end => 0.4.5 Remote File Include Vulnerabilities (27.09.2006)
		HACKERS PAL, CubeCart Multiple input Validation vulnerabilities (27.09.2006)
		HACKERS PAL, Vbulletin 2.X sql injection (27.09.2006)
		chris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #13 - phpMyChat 0.1 (ChatPath) Remote File Inclusion (27.09.2006)
		meto5757_(at)_hotmail.com, PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln. (27.09.2006)
		stormhacker_(at)_hotmail.com, WD25:- Deparcq Pieter project File Include Vulnerability (27.09.2006)
		nanoymaster_(at)_gmail.com, JAF CMS 4.0 RC1 multiple vulnerabilities (27.09.2006)
		ali ali, webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit (27.09.2006)
		crackers child, phpMyChat 0.14.5 Remote File Include Vulnerability (27.09.2006)
		crackers child, vtiger CRM 5 Beta Remote File Include Vulnerability (27.09.2006)

Files:		CubeCart Remote sql injection exploit
Discuss:		Read or add your comments to this news (0 comments)