Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 14.10.2006
Source:
SecurityVulns ID: 6718
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPBB : phpBB SpamBlocker Mod 1.0
SPAMOBORONA : SpamOborona PHPBB Plugin
PHPBB : phpBB Security mod 1.0
PHPBB : phpBB news defilante horizontale mod 4.1
PHPBB : phpBB lat2cyr mod 1.0
PHPBB : phpBB RPG Events mod 1.0
BUZLAS : phpBB Buzlas mod 2006-1
BLOQ : Bloq 0.5
MORCEGO : Morcego CMS 0.9
PHPCARDS : PHP Cards 1.3
mnews : MNews 2.0
GCONTACT : Gcontact 0.6
EXLOR : EXlor 1.0
CVE: CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.)
CVE-2006-7181 (Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php.)

Original document xp1o_(at)_msn.com, @lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit (14.10.2006)

mahmood ali, EXlor 1.0 (/fonctions/template.php) Remote File Include Vulnerability (14.10.2006)

security_(at)_armorize.com, Multiple XSS Vulnerability in Gcontact (14.10.2006)

566d9bfe_(at)_srasg.stevenroddis.com.au, TorrentFlux startpop.php torrent Script Insertion (14.10.2006)

document xp1o_(at)_msn.com, news7 <= (news.php) Remote File Inclusion Exploit (14.10.2006)

CvIr.System_(at)_gmail.com, CMS contenido Path Disclosure (14.10.2006)

Le.CoPrA_(at)_hotmail.com, PHP Top webs (config.php) Remote File Inclue Vulnerability (14.10.2006)

Le.CoPrA_(at)_hotmail.com, MNews <= 2.0 (noticias.php) Remote File Inclue Vulnerability (14.10.2006)

document Le.CoPrA_(at)_hotmail.com, PHP Cards <= 1.3 Remote File Inclue Vulnerability (14.10.2006)

Le.CoPrA_(at)_hotmail.com, Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability (14.10.2006)

Le.CoPrA_(at)_hotmail.com, RamaCMS (adodb.inc.php) Remote File Inclue Vulnerability (14.10.2006)

document By_KorsaN_Son_(at)_Hotmail.com, Bloq 0.5.4 Remote File İnclude (14.10.2006)

By_KorsaN_Son_(at)_Hotmail.com, PHPht Topsites Remote File İnclude (14.10.2006)

Files: news defilante horizontale <= 4.1.1 Remote File Include Vulnerability
phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability
pbpbb archive for search engines Remote File Include Vulnerability
phpBB Add Name Remote File Include Vulnerability
phpBB Security <= 1.0.1 Remote File Include Vulnerability
SpamOborona PHPBB Plugin Remote File Include Vulnerability
Exploits RPG Events 1.0.0 Remote File Include Vulnerability
Exploits PhpBB Prillian French Remote File Include Vulnerability
Buzlas <= v2006-1 Full Remote File Include Vulnerability
SpamBlockerMODv <= 1.0.2 Remote File Include Vulnerability
AMAZONIA MOD Remote File Include Vulnerability
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin