Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.10.2006
Source:
SecurityVulns ID: 6737
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: MAMBOSERVER : Mambo Server 4.6
DIGITALHIVE : DigitalHive 2.0
DRUPAL : Drupal 4.6
ATUTOR : ATutor 1.5
SIMPLEMACHINES : Simple Machines Forum 1.1
ONEORZERO : OneOrZero Helpdesk 1.6
SIMPLOG : simplog 0.9
DRUPAL : Drupal 4.7
PHPCLASSIFIEDS : Php Classifieds 7.1
PHPLIBRARY : PHPLibrary 1.5
SERENDIPITY : Serendipity 1.0
ULTRACMS : UltraCMS 0.9
KNOWLEDGEBANK : KnowledgeBank 1.01
PHPPC : PHP Poll Creator 1.04
CVE: CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.)

Original document alireza hassani, [KAPDA::#60] Mambo V4.6.x vulnerabilities (21.10.2006)

mahmood ali, PHP Poll Creator 1.04 (poll_vote.php)File Include (21.10.2006)

Mike Klingler, Advisory for Oneorzero helpdesk (21.10.2006)

josecarlos.norte_(at)_gmail.com, PHPLibrary-1.5.3(Description.php) Remote File Include (21.10.2006)

document josecarlos.norte_(at)_gmail.com, Simple Machines Forum (SMF) XSS issue (21.10.2006)

XORON, Open Meetings Filing Application (PROJECT_ROOT) Remote File Include Vulnerability (21.10.2006)

XORON, Virtual Law Office (phpc_root_path) Remote File Include Vulnerability (21.10.2006)

document Le.CoPrA_(at)_hotmail.com, PHP Classifieds 7.1 - Remote File Include Vulnerability (21.10.2006)

the_free_kernel_(at)_b0rizq.net, [Xss] IN SMF 1.1 RC2 (21.10.2006)

security_(at)_armorize.com, Multiple XSS Vulnerabilities in KnowledgeBank 1.01 (21.10.2006)

fireboy2006_(at)_gmail.com, KICS CMS sql injection (21.10.2006)

document navairum_(at)_gmail.com, SQL Injection simplog (21.10.2006)

fireboy2006_(at)_gmail.com, UltraCMS 0.9 sql injection (21.10.2006)

mahmood ali, DigitalHive 2.0 RC2 (base_include.php)File Include (21.10.2006)

DRUPAL, [DRUPAL-SA-2006-026] Drupal 4.6.10 / 4.7.4 fixes HTML attribute injection issue (21.10.2006)

document DRUPAL, [DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue (21.10.2006)

DRUPAL, [DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues (21.10.2006)

Stefan Esser, Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities (21.10.2006)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin