Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		14.11.2006
Source:
SecurityVulns ID:		6818
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPKIT : PHPKIT 1.6
		PHPWCMS : phpwcms 1.2
		EXOSCRIPTS : ExoPHPDesk 1.2
		AMPACHE : ampache 3.3
		ELOG : ELOG 2.6
		CPANEL : CPanel 10
		SHOPSYSTEMS : ShopSystems 4.0
		TOPSTORY : TOPSTORY BASIC 1.0
		MYSTATS : MyStats 1.0
		PHPMANTA : phpManta - Mdoc 1.0
		ASPIRED2POLL : AspPired2 Poll 1.0
		USTORE : UStore 1.0
		NUCOMMUNITY : NuCommunity 1.0
		NUREMS : NuRems 1.0
		NUSCHOOL : NuSchool 1.0
		MAMBO : shambo2 Mambo component 4.5
		VBULLETIN : vBulletin 3.6
		PHPJOBSCHEDULER : phpjobscheduler 3.0
		PHPDEBUG : Phpdebug 1.1
		ULTRASITE : UltraSite 1.0
		ASPSCRIPTER : ASP Scripter Easy Portal 1.4
		ASPSCRIPTER : ASP Scripter Live Support 1.3
		PROPERTYPRO : Property Pro 1.0
		ASPPORTAL : ASPPortal 4.0
		UPUBLISHER : UPublisher 1.0
		ESTATEAGENTMANAG : Estate Agent Manager 1.3
		DIRECTADMIN : DirectAdmin 1.28
		MINIBB : MiniBB 2
		ONLINEEVENTREGIS : Online Event Registration 2.0
		RAMACMS : Rama CMS 0.68
		PHPWIND : PHPWind 5.0
		MUNCHPRO : Munch Pro 1.0
		STORYSTREAM : Storystream 4.0
		CONTENTNOW : ContentNow 1.30
		VALLHERU : Vallheru 1.0
		OPENSOLUTIONS : Quick.Cart 2.0
		PHPPEANUTS 1.1 : Phppeanuts 1.1
		NETQUERY : Netquery 4.0
		DOTDEB : Dotdeb PHP 5.2
CVE:		CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.)
		CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.)
		CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).)
		CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
		CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.)

Original document		Advisory_(at)_Aria-Security.net, SiteXpress SQL Injection (14.11.2006)
		Advisory_(at)_Aria-Security.net, SiteXpress SQL Injection (14.11.2006)
		Stefan Esser, [Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability (14.11.2006)
		Advisory_(at)_Aria-Security.net, ASPintranet SQL Injection (14.11.2006)
		SECUNIA, [SA22842] Ampache Unauthorized Guest Access (14.11.2006)
		SECUNIA, [SA22864] Netquery "User-Agent" HTTP Header Script Insertion (14.11.2006)
		Hidayat Sagita, Phppeanuts 1.1 Remote File Include (14.11.2006)
		navairum_(at)_gmail.com, ContentNow Directory Traversal(upload.php) (14.11.2006)
		timq_(at)_hackernetwork.com, ContentNow Directory Traversal(upload.php) (14.11.2006)
		SECUNIA, [SA22812] Vallheru mail.php SQL Injection Vulnerabilities (14.11.2006)
		writ3r_(at)_gmail.com, StoryStream 4.0 (baseDir) Remote File Include Vulnerabilities (14.11.2006)
		v1per-haCker, StoryStream 4.0 (baseDir) Remote File Include Vulnerabilities (14.11.2006)
		philip anselmo, New Bug MiniBB Forum <= 2 Remote File Include (index.php) (14.11.2006)
		Advisory_(at)_Aria-Security.net, DirectAdmin Multiple Cross Site Scription (14.11.2006)
		ajannhwt_(at)_hotmail.com, Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability (14.11.2006)
		Advisory_(at)_Aria-Security.net, CPanel Multiple Cross Site Scription (14.11.2006)
		ajannhwt_(at)_hotmail.com, Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability (14.11.2006)
		OS2A BTO, ELOG Web Logbook Remote Denial of Service Vulnerability (14.11.2006)
		firewall1954_(at)_hotmail.com, Phpdebug 1.1.0 - Remote File Include by Firewall (14.11.2006)
		firewall1954_(at)_hotmail.com, Phpjobscheduler 3.0 - Multiple Remote File Include (14.11.2006)
		navairum_(at)_gmail.com, Aigaion Web Interface remote file inclusion (14.11.2006)
		laurent gaffié, infinicart [ multiples injection sql & xss (post) ] (14.11.2006)
		ajannhwt_(at)_hotmail.com, NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, NuRems 1.0 Remote XSS/SQL Injection Exploit (14.11.2006)
		ajannhwt_(at)_hotmail.com, UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability (14.11.2006)
		laurent gaffié, Mega Mall [ multiples injection sql & full path disclosure ] (14.11.2006)
		benjilenoob_(at)_hotmail.com, MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure] (14.11.2006)
		Aesthetico, TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability (14.11.2006)
		Aesthetico, [MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue (14.11.2006)
		vannovax_(at)_gmail.com, Wordpress File Inclusion (14.11.2006)
		firewall1954_(at)_hotmail.com, Exophpdesk V1.2 - Remote File Include (14.11.2006)
		philipp.niedziela_(at)_gmx.de, PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit (14.11.2006)

Files:		phpManta - Mdoc 1.0
		AspPired2 Poll 1.0
		NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit
		NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit
		shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit
		phpwcms <= 1.2.6 (Cookie: wcs_user_lang) Local File Include Exploit
		Script Name: Munch Pro 1.0 (switch.asp) Remote SQL Injection Exploit
		NuRems 1.0 (propertysdetails.asp) Remote SQL Injection Exploit
		VBulletin DoS Exploit
		Rama CMS <= 0.68 (Cookie: lang) Local File Include Exploit
		PHPWind <= 5.0.1 "AdminUser" blind SQL injection exploit
		CMSmelborp(user_standard.php) Remote File Inclusion Exploit
		Quick.Cart <= 2.0 Remote Code Execution Exploit
		AspPortal Password Decrypter
		Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit
Discuss:		Read or add your comments to this news (0 comments)