| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: |  | 17.11.2006 |
| Source: |  | |
| SecurityVulns ID: |  | 6838 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | ETOMITE : Etomite CMS 0.6 |
| |  | DISCLOSER : discloser 0.0 |
| |  | STORYSTREAM : Storystream 4.0 |
| |  | BLOO : Bloo 1.00 |
| |  | HELM : Helm 3.20 |
| |  | ODYSSEUSBLOG : OdysseusBlog 1.0 |
| |  | DEVWMS : dev_wms 1.5 |
| |  | SPHPBLOG : Sphpblog 0.8 |
| |  | BLOGTORRENT : BlogTorrent-preview 0.92 |
| |  | EGGBLOG : EggBlog 3.1 |
| |  | MYBIC : My-BIC 0.6 |
| |  | BLOGCMS : blogcms 4.0 |
| |  | SWSOFT : Plesk 8.0 |
| |  | COMDEV : Comdev One Admin Pro 4.1 |
| |  | IGALLERY : i-Gallery 3.4 |
| |  | PILOTCART : Pilot Cart 7.2 |
| CVE: |  | CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.) |
| Original document |  | Advisory_(at)_Aria-Security.net, Image gallery with Access Database SQL Injection (17.11.2006) |
| |  | Advisory_(at)_Aria-Security.net, ASPintranet SQL Injection (17.11.2006) |
| |  | Advisory_(at)_Aria-Security.net, Pilot Cart V.7.2 [ injection sql (post) ] (17.11.2006) |
| |  | Advisory_(at)_Aria-Security.net, i-Gallery 3.4 Cross Site Scripting (17.11.2006) |
| |  | AG- Spider, Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include (17.11.2006) |
| |  | laurent gaffié, Hot Links download backup authorized vulnerabilities (re-post with some edit) (17.11.2006) |
| |  | laurent gaffié, ASP Cart [multiples injection sql (post & get)] (17.11.2006) |
| |  | laurent gaffié, BaalAsp forum [login bypass ,injections sql(post), xss(post)] (17.11.2006) |
| |  | laurent gaffié, CandyPress Store[ multiples injection sql ] (17.11.2006) |
| |  | laurent gaffié, eShopping Cart [injection sql] (17.11.2006) |
| |  | revenge, Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ) (17.11.2006) |
| |  | riclem_(at)_yahoo.com, Chetcpasswd 2.x: multiple vulnerabilities (17.11.2006) |
| |  | Aesthetico, [MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues (17.11.2006) |
| |  | laurent gaffié, PhpMyAdmin all version [multiples vulnerability] (17.11.2006) |
| |  | the_3dit0r_(at)_yahoo.com, blogcms => 4.0.0 Remote File Include (17.11.2006) |
| |  | the_3dit0r_(at)_yahoo.com, eggblog=> 3.1.0 Cross Site Scripting (17.11.2006) |
| |  | the_3dit0r_(at)_yahoo.com, BlogTorrent-preview => 0.92 Cross Site Scripting (17.11.2006) |
| |  | the_3dit0r_(at)_yahoo.com, Sphpblog => 0.8 Cross Site Scripting (17.11.2006) |
| |  | the_3dit0r_(at)_yahoo.com, dev_wms => 1.5 Remote File Include Vulnerabilities (17.11.2006) |
| |  | the_3dit0r_(at)_yahoo.com, Bloo => 1.00 Remote File Include Vulnerability (17.11.2006) |
| |  | the_3dit0r_(at)_yahoo.com, OdysseusBlog => 1.0.0 Cross Site Scripting (17.11.2006) |
| |  | the_3dit0r_(at)_yahoo.com, discloser => 0.0.4 Remote File Include Vulnerabilities (17.11.2006) |
| |  | Advisory_(at)_Aria-Security.net, Helm Cross Site Scripting (17.11.2006) |