Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 30.10.2006
Source:
SecurityVulns ID: 6752
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: THEPEAK : Thepeak File Upload 1.3
HOSTINGCONTROLLE : Hosting Controller 6.1
PHPADSNEW : phpAdsNew 2.0
PHPNUKE : PHP-Nuke 7.9
COPPERMINE : Coppermine Photo Gallery 1.4
CENTIPAID : CentiPaid 1.4
EZONLINEGALLERY : ezOnlineGallery 1.3
MINIBILL : MiniBILL 2006-10-10
TEXTPATTERN : TextPattern 1.19
ARTICLEBEACH : ArticleBeach 2.0
PLSBANNIERES : PLS-Bannieres 1.21
BAN : Ban 0.1
PHPLEADS : phpLedAds 2.0
EXPORIA : Exporia 0.3
CVE: CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.)
CVE-2006-6975 (** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement.)

Original document firewall1954_(at)_hotmail.com, CentiPaid <= 1.4.2 [$class_pwd] Remote File Include (30.10.2006)

disfigure, [Full-disclosure] Coppermine 1.4.9 SQL injection (30.10.2006)

mahmood ali, phpLedAds 2.0(dir) File Include (30.10.2006)

mahmood ali, Ban v0.1 (bannieres.php) File Include (30.10.2006)

document mahmood ali, PLS-Bannieres 1.21 (bannieres.php) File Include (30.10.2006)

Bithedz_(at)_gmail.com, ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability (30.10.2006)

ip.123.456.78.90_(at)_hotmail.com, GestArt <= vbeta 1 Remote File Include Vulnerabilities (30.10.2006)

document loveha_(at)_gmail.com, Thepeak File Upload v1.3 : Read file vulneability (30.10.2006)

playpacific.emulacaid_(at)_gmail.com, Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability (30.10.2006)

zooz_998_(at)_hotmail.com, phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include (30.10.2006)

document Bithedz_(at)_gmail.com, TextPattern <=1.19 Remote File Inclusion Vulnerability (30.10.2006)

fireboy2006_(at)_gmail.com, UNISOR CMS sql injection (30.10.2006)

paisterist.nst_(at)_gmail.com, PHP-Nuke <= 7.9 Search module "author" SQL Injection vulnerability (30.10.2006)

document XORON, MiniBILL v2006-10-10 (config[page_dir] Remote File Include Vulnerability (30.10.2006)

Mayhemic Labs Security, MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues (30.10.2006)

Files: Exporia => 0.3.0 Remote File Include Vulnerability
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server