Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		11.10.2006
Source:
SecurityVulns ID:		6704
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		VTIGER : Vtiger CRM 4.2
		GOOP : Goop Gallery 2.0
		MYSQLDUMPER : MysqlDumper 1.21
		PHPLIBRE : TribunaLibre 3.12
		PHPLIBRE : registroTL
		ZEBIGBOZER : compteur 2
		FOAFGEN : Foafgen 0.3
		APSN : Album Photo Sans Nom 1.6
		EXPBLOG : eXpBlog 0.3
		PHPLIBRARY : PHPLibrary 1.5
		CLAROLINE : Claroline 1.8
		BLUESHOES : blueshoes 4.6

Original document		security_(at)_armorize.com, Directory Traversal Vulnerability in Goop Gallery 2.0.2 (11.10.2006)
		tamriel_(at)_gmx.net, [Full-disclosure] eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities (11.10.2006)
		Mayhemic Labs Security, [Full-disclosure] MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues (11.10.2006)
		Dragos Ruiu, [Full-disclosure] PacSec Hype Security Team: CGI.pm param injection (11.10.2006)
		k1tk4t_(at)_newhack.org, blueshoes <= 4.6_public Remote File Inclusion (11.10.2006)
		k1tk4t_(at)_newhack.org, claroline <= 180rc1 Remote File Inclusion (11.10.2006)
		k1tk4t_(at)_newhack.org, tagit2b -- Remote File Inclusion (11.10.2006)
		k1tk4t_(at)_newhack.org, PHPLibrary <= 1.5.3 Remote File Inclusion (11.10.2006)
		Mayhemic Labs Security, MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues (11.10.2006)
		tamriel_(at)_gmx.net, eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities (11.10.2006)
		erdc_(at)_echo.or.id, [ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability (11.10.2006)
		gmdarkfig_(at)_gmail.com, 7 php scripts File Inclusion / Source disclosure Vuln (11.10.2006)
		crackers child, MysqlDumper Version 1.21 b6 Xss Vulnerability (11.10.2006)

Discuss:

Read or add your comments to this news (0 comments)