Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 15.10.2006
Source:
SecurityVulns ID: 6721
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: SMARTY : Smarty 2.6
ZENCART : Zen Cart 1.3
JINZORA : Jinzora 2.6
VIEWVC : ViewVC 1.0
EUPLOADER : E-Uploader Pro 1.0
CENTIPAID : CentiPaid 1.4
INCCMS : IncCMS Core 1.0
CAMPSITE : CampSite 2.6
CYBERBRAU : CyberBrau 0.9
PHPBB : phpBB Fully Modded Documentation 206-3
PHPBURNINGPORTAL : phpBurningPortal 1.0
AROUNDME : AROUNDMe 0.6
NURALSTORM : NuralStorm Webmail 0.98
BBSNEW : bbsNew 2.0
IRONMAIL : IronWebMail 6.1
CVE: CVE-2006-7193 (** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant.)

Original document Kw3rLn, NuralStorm Webmail <= 0.98b Remote File Include Vulnerability (15.10.2006)

Kw3rLn, AROUNDMe <= 0.5.2 [templatePath] Remote File Include Vulnerability (15.10.2006)

security_(at)_armorize.com, Re: Multiple XSS Vulnerabilities in Zen Cart 1.3.5 (15.10.2006)

Kw3rLn, CyberBrau <= 0.9.4 [path] Remote File Include Vulnerability (15.10.2006)

document Kw3rLn, CampSite - BugReporter <= 2.6.1 Remote File Include Vulnerability (15.10.2006)

Kacper, IncCMS Core <= 1.0.0 (settings.php) Remote File Include Vulnerability (15.10.2006)

Kw3rLn, CentiPaid <= 1.4.2 [absolute_path] Remote File Include Vulnerability (15.10.2006)

Kacper, E-Uploader Pro <= 1.0 Remote Code Execution Vulnerabilities (15.10.2006)

document Stefan Esser, [Full-disclosure] Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability (15.10.2006)

erne_(at)_ernealizm.com, Jinzora 2.6 - Remote File Include Vulnerabilities (15.10.2006)

stormhacker_(at)_hotmail.com, WDT:- osTicket File Include all V (15.10.2006)

document hitham hitham, [Full-disclosure] Vuln (15.10.2006)

Files: phpBurningPortal quiz-modul-1.0.1 - Remote File Include Exploit
Exploits phpBBFM version 206-3-3 Remote File Include Vulnerability
Exploits bbsNew => 2.0.1 Remote File Include Vulnerability
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin