Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.10.2006
Source:
SecurityVulns ID: 6737
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MAMBOSERVER : Mambo Server 4.6
 DIGITALHIVE : DigitalHive 2.0
 DRUPAL : Drupal 4.6
 ATUTOR : ATutor 1.5
 SMF : Simple Machines Forum 1.1
 ONEORZERO : OneOrZero Helpdesk 1.6
 SIMPLOG : simplog 0.9
 DRUPAL : Drupal 4.7
 PHPCLASSIFIEDS : Php Classifieds 7.1
 PHPLIBRARY : PHPLibrary 1.5
 SERENDIPITY : Serendipity 1.0
 ULTRACMS : UltraCMS 0.9
 KNOWLEDGEBANK : KnowledgeBank 1.01
 PHPPC : PHP Poll Creator 1.04
CVE: CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.)
Original document: alireza hassani, [KAPDA::#60] Mambo V4.6.x vulnerabilities (21.10.2006)
 mahmood ali, PHP Poll Creator 1.04 (poll_vote.php) File Include (21.10.2006)
 Mike Klingler, Advisory for Oneorzero helpdesk (21.10.2006)
 josecarlos.norte_(at)_gmail.com, PHPLibrary-1.5.3 (Description.php) Remote File Include (21.10.2006)
 josecarlos.norte_(at)_gmail.com, Simple Machines Forum (SMF) XSS issue (21.10.2006)
 XORON, Open Meetings Filing Application (PROJECT_ROOT) Remote File Include Vulnerability (21.10.2006)
 XORON, Virtual Law Office (phpc_root_path) Remote File Include Vulnerability (21.10.2006)
 Le.CoPrA_(at)_hotmail.com, PHP Classifieds 7.1 - Remote File Include Vulnerability (21.10.2006)
 the_free_kernel_(at)_b0rizq.net, [Xss] IN SMF 1.1 RC2 (21.10.2006)
 security_(at)_armorize.com, Multiple XSS Vulnerabilities in KnowledgeBank 1.01 (21.10.2006)
 fireboy2006_(at)_gmail.com, KICS CMS sql injection (21.10.2006)
 navairum_(at)_gmail.com, SQL Injection simplog (21.10.2006)
 fireboy2006_(at)_gmail.com, UltraCMS 0.9 sql injection (21.10.2006)
 mahmood ali, DigitalHive 2.0 RC2 (base_include.php) File Include (21.10.2006)
 DRUPAL, [DRUPAL-SA-2006-026] Drupal 4.6.10 / 4.7.4 fixes HTML attribute injection issue (21.10.2006)
 DRUPAL, [DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue (21.10.2006)
 DRUPAL, [DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues (21.10.2006)
 Stefan Esser, Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities (21.10.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod