Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

back  news / advisories / software / search /  forward
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:15.10.2006
Source:
SecurityVulns ID:6721
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SMARTY : Smarty 2.6
 ZENCART : Zen Cart 1.3
 JINZORA : Jinzora 2.6
 VIEWVC : ViewVC 1.0
 EUPLOADER : E-Uploader Pro 1.0
 CENTIPAID : CentiPaid 1.4
 INCCMS : IncCMS Core 1.0
 CAMPSITE : CampSite 2.6
 CYBERBRAU : CyberBrau 0.9
 PHPBB : phpBB Fully Modded Documentation 206-3
 PHPBURNINGPORTAL : phpBurningPortal 1.0
 AROUNDME : AROUNDMe 0.6
 NURALSTORM : NuralStorm Webmail 0.98
 BBSNEW : bbsNew 2.0
 IRONMAIL : IronWebMail 6.1
CVE:CVE-2006-7193 (** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant.)
Original documentdocumentKw3rLn, NuralStorm Webmail <= 0.98b Remote File Include Vulnerability (15.10.2006)
 documentKw3rLn, AROUNDMe <= 0.5.2 [templatePath] Remote File Include Vulnerability (15.10.2006)
 documentsecurity_(at)_armorize.com, Re: Multiple XSS Vulnerabilities in Zen Cart 1.3.5 (15.10.2006)
 documentKw3rLn, CyberBrau <= 0.9.4 [path] Remote File Include Vulnerability (15.10.2006)
 documentKw3rLn, CampSite - BugReporter <= 2.6.1 Remote File Include Vulnerability (15.10.2006)
 documentKacper, IncCMS Core <= 1.0.0 (settings.php) Remote File Include Vulnerability (15.10.2006)
 documentKw3rLn, CentiPaid <= 1.4.2 [absolute_path] Remote File Include Vulnerability (15.10.2006)
 documentKacper, E-Uploader Pro <= 1.0 Remote Code Execution Vulnerabilities (15.10.2006)
 documentStefan Esser, [Full-disclosure] Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability (15.10.2006)
 documenterne_(at)_ernealizm.com, Jinzora 2.6 - Remote File Include Vulnerabilities (15.10.2006)
 documentstormhacker_(at)_hotmail.com, WDT:- osTicket File Include all V (15.10.2006)
 documenthitham hitham, [Full-disclosure] Vuln (15.10.2006)
Files:Exploits phpBBFM version 206-3-3 Remote File Include Vulnerability
 phpBurningPortal quiz-modul-1.0.1 - Remote File Include Exploit
 Exploits bbsNew => 2.0.1 Remote File Include Vulnerability
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod