Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:28.09.2006
Source:
SecurityVulns ID:6655
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:OPTIAL : Opial Audio/Video Download Management 1.0
 COMDEV : Comdev Events Calendar 3.1
 COMDEV : Comdev Newsletter 3.1
 COMDEV : Comdev FAQ Support 3.1
 COMDEV : Comdev Guestbook 3.1
 COMDEV : Comdev eCommerce 3.1
 COMDEV : Comdev CSV Importer 3.1
 COMDEV : Comdev Web Blogger 3.1
 COMDEV : Comdev Customer Helpdesk 3.1
 COMDEV : Comdev Vote Caster 3.1
 COMDEV : Comdev Contact Form 3.1
 COMDEV : Comdev News Publisher 3.1
 COMDEV : Comdev Photo Gallery 3.1
 COMDEV : Comdev Links Directory 3.1
 VIRTUEMART : VirtueMart Joomla eCommerce Edition 1.0
 ABLOG : A-Blog 2.0
 NEWSWRITER : Newswriter SW 1.42
 KIETU : Kietu 4.0
 EYEOS : eyeOS 0.9
 PABUGS : psBugs 2.0
CVE:CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.)
 CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original documentdocumentSECUNIA, [SA22122] PhotoStore Cross-Site Scripting Vulnerabilities (28.09.2006)
 documentSECUNIA, [SA22092] Opial Audio/Video Download Management Cross-Site Scripting (28.09.2006)
 documentSECUNIA, [SA22117] eyeOS Cross-Site Scripting Vulnerabilities (28.09.2006)
 documentD_7J, Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit (28.09.2006)
 documentco-type_(at)_hotmail.com, Newswriter SW <= 1.42 (NWCONF_SYSTEM[server_path]) Remote File Inclusion Vulnerability (28.09.2006)
 documentv1per-haCker, A-Blog v2.0 Remote File Include (28.09.2006)
 documentifx_(at)_cupu.us, bug com_madeira (28.09.2006)
 documentBase64, VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities (28.09.2006)
 documentstormhacker_(at)_hotmail.com, net2ftp: a web based FTP client :) <= Remote File Inclusion (28.09.2006)
 documentvannovax_(at)_gmail.com, MkPortal Cross Site Scripting (All versions) xSS (28.09.2006)
 documentstormhacker_(at)_hotmail.com, PHPSelect Web Development Division <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev Newsletter 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev FAQ Support 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev Guestbook 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev eCommerce 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev CSV Importer 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev Web Blogger 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev Vote Caster 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev Contact Form 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev News Publisher 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev Photo Gallery 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev Links Directory 3.1 :) <= Remote File Inclusion (28.09.2006)
 documentstormhacker_(at)_hotmail.com, Comdev Events Calendar 3.1 :) <= Remote File Inclusion (28.09.2006)
Files:Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit
 Newswriter SW v1.4.2 Remote File Include Exploit
 paBugs <= 2.0 Beta 3 Remote File Include Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod