Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		03.05.2006
Source:
SecurityVulns ID:		6082
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPNUKE : PHP-Nuke 7.9
		BITDAMAGED : geoBlog 1.0
		MYNEWS : MyNews 1.6
		ZENPHOTO : zenphoto 1.0
		SBLOG : sBlog 0.7
		CMSCOUT : Cmscout 1.10
		SFUSERS : SF-Users 1.0
		FILEPROTECTION : FileProtection Express 1.0
		TYROCMS : TyroCms 1.0
		INVISION : Invision Gallery 2.0
		ALBINATOR : Albinator 2.0
		PHPKB : phpkb Knowledge Base 1.0
		FASTCLICK : Fast Click 2.3

Original document		SECUNIA, [SA19913] phpkb Knowledge Base "searchkeyword" Cross-Site Scripting (03.05.2006)
		r0t, albinator <= 2.0.8 Remote File Inclusion Vuln and XSS (03.05.2006)
		o.y.6_(at)_hotmail.com, Invision Gallery 2.0.6 ( SQL Injection ) (03.05.2006)
		zerogue_(at)_gmail.com, Cmscout <= V1.10 multiple XSS attack vectors (03.05.2006)
		zerogue_(at)_gmail.com, SF-Users V1.0 XSS injection (03.05.2006)
		zerogue_(at)_gmail.com, FileProtection Express <= 1.0.1 authentification bypass (03.05.2006)
		zerogue_(at)_gmail.com, Russcom.net Loginphp multiple vulnerabilties (03.05.2006)
		zerogue_(at)_gmail.com, TyroCms beta V1.0 multiple XSS injections (03.05.2006)
		admin_(at)_subjectzero.net, sBlog SQL Injection and Path Disclosure Vulnerability (03.05.2006)
		admin_(at)_subjectzero.net, geoBlog Mutiple XSS Vulnerability (03.05.2006)
		raphael.huck_(at)_free.fr, zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities (03.05.2006)
		yavuz sahin, MyNews 1.6.2 Cross Site Scripting (03.05.2006)
		Private Private, PHP-Nuke <= All Version Administrator SQL Injection Exploit / By WiLdBoY (03.05.2006)

Files:		Fast Click <= 2.3.8 Remote File Inclusion exploit
Discuss:		Read or add your comments to this news (0 comments)