|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 09.11.2006 | | Source: |  | | | SecurityVulns ID: |  | 6802 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: |  | PHPMYCHAT : phpMyChat 0.14 | | | | KNOWLEDGEBUILDER : knowledgeBuilder 2.2 | | | | FREEWEBSHOP : FreeWebshop 2.2 | | | | PHPMYCHAT : PhpMyChat Plus 1.9 | | | | SPEEDYWIKI : Speedywiki 2.0 | | | | IMMEDIACY : Immediacy .NET CMS 5.2 | | | | SAGE : Sage 1.3 | | | | LETTERIT : LetterIt 2 | | CVE: |  | CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.) | | | | CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) | | | | CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6) lib/connected_users.lib.php, (7) lib/index.lib.php, and (8) phpMyChat.php3; and the (9) L parameter to logs.php. NOTE: CVE analysis suggests that vector 1 might be incorrect.) |
| Original document |  | v1per-haCker, gtcatalog <= 0.9.1 (index.php) Remote File Include Vulnerability (09.11.2006) |
| | | v1per-haCker, LetterIt v2 (inc/session.php) Remote File Include Vulnerability (09.11.2006) |
| | | David Kierznowski, [Full-disclosure] RSS Injection in Sage part 2 (09.11.2006) |
| | | laurent gaffié, FreeWebshop <=2.2.2 [local file include & xss] (09.11.2006) |
| | | research_(at)_procheckup.com, Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie (09.11.2006) |
| | | laurent gaffié, Speedwiki 2.0 Arbitrary File Upload Vulnerability (09.11.2006) |
| | | laurent gaffié, Abarcar Realty Portal [injection sql] (09.11.2006) |
| | | laurent gaffié, Portix-PHP [login bypass & xss (post)] (09.11.2006) |
| | | navairum_(at)_gmail.com, Y.A.N.S sql injection (09.11.2006) |
| | | ajannhwt_(at)_hotmail.com, PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability (09.11.2006) |
| | | ajannhwt_(at)_hotmail.com, PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities (09.11.2006) |
|
|
|
|
|
