Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 28.09.2006
Source:
SecurityVulns ID: 6655
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: OPTIAL : Opial Audio/Video Download Management 1.0
COMDEV : Comdev Events Calendar 3.1
COMDEV : Comdev Newsletter 3.1
COMDEV : Comdev FAQ Support 3.1
COMDEV : Comdev Guestbook 3.1
COMDEV : Comdev eCommerce 3.1
COMDEV : Comdev CSV Importer 3.1
COMDEV : Comdev Web Blogger 3.1
COMDEV : Comdev Customer Helpdesk 3.1
COMDEV : Comdev Vote Caster 3.1
COMDEV : Comdev Contact Form 3.1
COMDEV : Comdev News Publisher 3.1
COMDEV : Comdev Photo Gallery 3.1
COMDEV : Comdev Links Directory 3.1
VIRTUEMART : VirtueMart Joomla eCommerce Edition 1.0
ABLOG : A-Blog 2.0
NEWSWRITER : Newswriter SW 1.42
KIETU : Kietu 4.0
EYEOS : eyeOS 0.9
PABUGS : psBugs 2.0
CVE: CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.)
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)

Original document SECUNIA, [SA22122] PhotoStore Cross-Site Scripting Vulnerabilities (28.09.2006)

SECUNIA, [SA22092] Opial Audio/Video Download Management Cross-Site Scripting (28.09.2006)

SECUNIA, [SA22117] eyeOS Cross-Site Scripting Vulnerabilities (28.09.2006)

D_7J, Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit (28.09.2006)

document co-type_(at)_hotmail.com, Newswriter SW <= 1.42 (NWCONF_SYSTEM[server_path]) Remote File Inclusion Vulnerability (28.09.2006)

v1per-haCker, A-Blog v2.0 Remote File Include (28.09.2006)

ifx_(at)_cupu.us, bug com_madeira (28.09.2006)

Base64, VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities (28.09.2006)

document stormhacker_(at)_hotmail.com, net2ftp: a web based FTP client :) <= Remote File Inclusion (28.09.2006)

vannovax_(at)_gmail.com, MkPortal Cross Site Scripting (All versions) xSS (28.09.2006)

stormhacker_(at)_hotmail.com, PHPSelect Web Development Division <= Remote File Inclusion (28.09.2006)

document stormhacker_(at)_hotmail.com, Comdev Newsletter 3.1 :) <= Remote File Inclusion (28.09.2006)

stormhacker_(at)_hotmail.com, Comdev FAQ Support 3.1 :) <= Remote File Inclusion (28.09.2006)

stormhacker_(at)_hotmail.com, Comdev Guestbook 3.1 :) <= Remote File Inclusion (28.09.2006)

document stormhacker_(at)_hotmail.com, Comdev eCommerce 3.1 :) <= Remote File Inclusion (28.09.2006)

stormhacker_(at)_hotmail.com, Comdev CSV Importer 3.1 :) <= Remote File Inclusion (28.09.2006)

stormhacker_(at)_hotmail.com, Comdev Web Blogger 3.1 :) <= Remote File Inclusion (28.09.2006)

document stormhacker_(at)_hotmail.com, Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion (28.09.2006)

stormhacker_(at)_hotmail.com, Comdev Vote Caster 3.1 :) <= Remote File Inclusion (28.09.2006)

stormhacker_(at)_hotmail.com, Comdev Contact Form 3.1 :) <= Remote File Inclusion (28.09.2006)

document stormhacker_(at)_hotmail.com, Comdev News Publisher 3.1 :) <= Remote File Inclusion (28.09.2006)

stormhacker_(at)_hotmail.com, Comdev Photo Gallery 3.1 :) <= Remote File Inclusion (28.09.2006)

stormhacker_(at)_hotmail.com, Comdev Links Directory 3.1 :) <= Remote File Inclusion (28.09.2006)

document stormhacker_(at)_hotmail.com, Comdev Events Calendar 3.1 :) <= Remote File Inclusion (28.09.2006)

Files: Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit
Newswriter SW v1.4.2 Remote File Include Exploit
paBugs <= 2.0 Beta 3 Remote File Include Exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin