Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.10.2006
Published: 12.10.2006
Source:
SecurityVulns ID: 6705
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: FLATNUKE : Flatnuke 2.5
XEOPORT : Xeobook 0.93
PHPLIST : phplist 2.10
ZENPHOTO : zenphoto 1.0
SUPERALBERT : AlberT-EasySite 1.0
JINZORA : Jinzora 2.1
GCARDS : gcards 1.13
COMMUNITYPORTALS : CommunityPortals 1.0
SMARTYVALIDATE : SmartyValidate 2.8
XEOPORT : XeoPort 0.81
CALLCENTERSOFTWA : call-center software 0.93
SOFTERRA : PHP Developer Library 1.5
DOWNLOADENGINE : Download-Engine 1.4
PHPBB : phpBB Journals System mod 1.0
SHNEWS : SH-News 3.1
MINICHAT : Minichat 6
NABOARD : n@board 3.1
EDROTBERG : Exhibit Engine 1.5

Original document raphael.huck_(at)_free.fr, zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities (13.10.2006)

MILW0RM, n@board <= 3.1.9e (naboard_pnr.php) Remote File Include Vulnerability (12.10.2006)

los_misfits_(at)_hotmail.com, Exploits Minichat v6 Remote File Include (12.10.2006)

document v1per-haCker, SH-News (RFI) (12.10.2006)

v1per-hacker_(at)_hotmail.com , Download-Engine Remote File Include (12.10.2006)

v1per-hacker_(at)_hotmail.com , Download-Engine Remote File Include (12.10.2006)

mp01010_(at)_yahoo.com, Softerra. PHP Developer Library (12.10.2006)

document Mayhemic Labs Security, [Full-disclosure] MHL-2006-002 Public Advisory: "Call-Center-Software" Multiple Security Issues (12.10.2006)

tamriel_(at)_gmx.net, [Full-disclosure] XeoPort <= 0.81 SQL Injection Vulnerability (12.10.2006)

tamriel_(at)_gmx.net, [Full-disclosure] Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities (12.10.2006)

document hitham hitham, [Full-disclosure] New Vuln... (12.10.2006)

k1tk4t_(at)_newhack.org, AlberT-EasySite <= 1.0.a5 Remote File Inclusion (12.10.2006)

raphael.huck_(at)_free.fr, Noah's Classifieds Cross Site Scripting Vulnerability (12.10.2006)

D-virus_(at)_linuxmail.org, gcards (languagefile) <= Remote File Include (12.10.2006)

document k1tk4t_(at)_newhack.org, Jinzora <= 2.1 Remote File Inclusion (12.10.2006)

MustLive, Cross-Site Scripting � phplist (12.10.2006)

Files: Exhibit Engine <= 1.5 RC 4 (photo_comment.php) Remote File Include Exploit
Exploits CommunityPortals <= 1.0 Remote File Include Vulnerability
Exploits CommunityPortals <= 1.0 Remote File Include Vulnerability
Flatnuke <=2.5.8 file()/privilege escalation/remote commands xctn exploit
Flatnuke 2.5.8 "userlang" arbitrary local inclusion/delete all users exploit
Exploits Journals System <= 1.0.2 [RC2] Remote File Include Vulnerability
Exploits PHP News Reader <= 2.6.2 Remote File Include Vulnerability
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin