Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		02.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6768
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		HOSTINGCONTROLLE : Hosting Controller 6.1
		INVISION : Invision Power Board 2.1
		TIKIWIKI : tikiwiki 1.9
		WORDPRESS : WordPress 2.0
		PHPMYADMIN : phpmyadmin 2.9
		BEN3W : 2BGal 3.0
		INNOVATEBOARD : Innovate Portal 2.0
		PWSPHP : PwsPHP 1.1
		TGSCMS : T.G.S. CMS 0.1
		LITHIUMCMS : Lithium CMS 4.04

Original document		SECUNIA, [SA22607] Hosting Controller Multiple Vulnerabilities (02.11.2006)
		MILW0RM, PwsPHP <= 1.1 (themes/fin.php) Remote File Include Vulnerablity (02.11.2006)
		LegendaryZion, [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint" (02.11.2006)
		LegendaryZion, [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in "ViewImage.asp" by Daronet Internet Solutions (02.11.2006)
		LegendaryZion, [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" (02.11.2006)
		Rapigator, [Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability (02.11.2006)
		Juha-Matti Laurio, [Full-disclosure] WordPress release 2.0.5 includes about 50 bugfixes (02.11.2006)
		Stefan Esser, [Full-disclosure] Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability (02.11.2006)
		securfrog_(at)_gmail.com, tikiwiki 1.9.5 mysql password disclosure & xss (02.11.2006)

Files:		2BGal 3.0 Remote Command Execution Exploit
		Exploits Debug Mode password change vulnerability Affects Invision Power Borard 2.0.0 to 2.1.7
		Innovate Portal <= 2.0 Remote Code Execution Exploit
		T.G.S. CMS <= 0.1.7 Remote SQL Injection Exploit
		Lithium CMS <= 4.04c Remote Code Execution Exploit
Discuss:		Read or add your comments to this news (0 comments)