|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 23.10.2006 | | Source: |  | MILW0RM | | SecurityVulns ID: |  | 6742 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: |  | PHPNUKE : PHP-Nuke 7.9 | | | | YAPBB : YapBB 1.2 | | | | PHPPOST : PHP-Post 1.01 | | | | MAMBO : MamboWeather Mambo module 1.8 | | | | MAMBO : com_videodb Mambo Componenet 0.3 | | | | MAMBO : com_videodb Mambo Componenet 4.0 | | | | NETDNS : Net_DNS 0.03 | | | | SPEEDBERG : speedberg 1.2 | | | | TAWLER : trawler 1.8 | | | | WSNFORUM : WSN Forum 1.3 | | | | PHPEXPLORER : PH Pexplorer 0.24 | | | | JAXULTRABB : JaxUltraBB 2.0 | | | | EZTICKET : EZ-Ticket 0.0 | | | | EPNADMIN : EPNadmin 0.7 | | | | CASTOR : CASTOR 1.1 | | | | KAWF : kawf 1.0 | | | | LOCI : Local Calendar System 1.1 | | | | PHPAMX : phpamx 0.90 | | | | LOUPORTAIL : Lou Portail 1.4 | | | | WGCC : Web Group Communication Center 0.5 | | | | ABB : Active Bulletin Board 1.1 | | | | SEUECMS : Segue CMS 1.5 | | | | PHPPOWERCARDS : phpPowerCards 2.10 | | | | POWERPHLOGGER : Power Phlogger 2.0 |
| Original document |  | x_w0x, Power Phlogger 2.0.9 Remote|Local File Include Vulnerability (23.10.2006) |
| | | nuffsaid, phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability (23.10.2006) |
| | | nuffsaid, Segue CMS <= 1.5.8 (themesdir) Remote File Include Vulnerability (23.10.2006) |
| | | ajannhwt_(at)_hotmail.com, Active Bulletin Board v1.1 beta2 (doprofiledit.asp) Remote User Pass Change (23.10.2006) |
| | | ajannhwt_(at)_hotmail.com, WGCC Beta <= 0.5.6 (quiz.php) Remote SQL InJection Vulnerability (23.10.2006) |
| | | mp01010_(at)_yahoo.com, Lou Portail 1.4.1 Remote|Local File Include Vulnerability (23.10.2006) |
| | | o0xxdark0o_(at)_msn.com, local Calendar System v1.1 (lcUser.php) Remote File Include (23.10.2006) |
| | | o0xxdark0o_(at)_msn.com, kawf (config) Remote File Include (23.10.2006) |
| | | Kw3rLn, EPNadmin remote Command Execution Vulnerabilities (23.10.2006) |
| | | Kw3rLn, CASTOR <= 1.1.1 Remote Command Execution Vulnerability (23.10.2006) |
| | | Kw3rLn, RSSonate remote Command Execution Vulnerabilities (23.10.2006) |
| | | Kw3rLn, RSSonate remote Command Execution Vulnerabilities (23.10.2006) |
| | | the master, EZ-Ticket v0.0.1 Remote File Inclusion Vulnerability (23.10.2006) |
| | | paisterist.nst_(at)_gmail.com, PHP-Nuke <= 7.9 (Encyclopedia) Remote SQL Injection Exploit (23.10.2006) |
| | | Kacper, WSN Forum <= 1.3.4 (pathtoconfig) Remote File Include Exploit / Code Execution Vulnerability (23.10.2006) |
| | | Kacper, YapBB <= 1.2 Beta2 (yapbb_session.php) Remote File Include Exploit (23.10.2006) |
| | | Kacper, PHP-Post <= 1.01 (template) Remote Code Execution Exploit (23.10.2006) |
| | | Kacper, PH Pexplorer <= 0.24 (Cookie/language.php) Remote Code Execution Exploit (23.10.2006) |
| | | Kacper, JaxUltraBB <= 2.0 (delete.php) Defaced Exploit (23.10.2006) |
| | | k1tk4t, trawler <= 1.8.1 Remote File Inclusion (23.10.2006) |
| | | k1tk4t, speedberg <= 1.2beta1 Remote File Inclusion (23.10.2006) |
| | | Drago84, Net_DNS: Remote File Inclusion by ToXiC CreW (23.10.2006) |
| | | h4ntu, Mambo component remote inclusion vulneribility (23.10.2006) |
| | | h4ntu, com_videodb Mambo Componenet <= 0.3en Remote Include Vulnerability (23.10.2006) |
| | | h4ntu, Another Mambo module remote inclusion vulneribility (23.10.2006) |
| | | x0r0n_(at)_hotmail.com, PHP Generator of Object SQL Database (path) Remote File Include Vulnerability (23.10.2006) |
|
|
|
|
|
