Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 17.11.2006
Source:
SecurityVulns ID: 6838
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
 ETOMITE : Etomite CMS 0.6
 DISCLOSER : Discloser 0.0
 STORYSTREAM : Storystream 4.0
 BLOO : Bloo 1.00
 HELM : Helm 3.20
 ODYSSEUSBLOG : OdysseusBlog 1.0
 DEVWMS : dev_wms 1.5
 SPHPBLOG : Sphpblog 0.8
 BLOGTORRENT : BlogTorrent-preview 0.92
 EGGBLOG : EggBlog 3.1
 MYBIC : My-BIC 0.6
 BLOGCMS : blogcms 4.0
 SWSOFT : Plesk 8.0
 COMDEV : Comdev One Admin Pro 4.1
 IGALLERY : i-Gallery 3.4
 PILOTCART : Pilot Cart 7.2
CVE: CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.)
Original document:
 Advisory_(at)_Aria-Security.net, Image gallery with Access Database SQL Injection (17.11.2006)
 Advisory_(at)_Aria-Security.net, ASPintranet SQL Injection (17.11.2006)
 Advisory_(at)_Aria-Security.net, Pilot Cart V.7.2 [ injection sql (post) ] (17.11.2006)
 Advisory_(at)_Aria-Security.net, i-Gallery 3.4 Cross Site Scripting (17.11.2006)
 AG- Spider, Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include (17.11.2006)
 laurent gaffié, Hot Links download backup authorized vulnerabilities (re-post with some edit) (17.11.2006)
 laurent gaffié, ASP Cart [multiples injection sql (post & get)] (17.11.2006)
 laurent gaffié, BaalAsp forum [login bypass ,injections sql(post), xss(post)] (17.11.2006)
 laurent gaffié, CandyPress Store[ multiples injection sql ] (17.11.2006)
 laurent gaffié, eShopping Cart [injection sql] (17.11.2006)
 revenge, Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion ) (17.11.2006)
 riclem_(at)_yahoo.com, Chetcpasswd 2.x: multiple vulnerabilities (17.11.2006)
 Aesthetico, [MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues (17.11.2006)
 laurent gaffié, PhpMyAdmin all version [multiples vulnerability] (17.11.2006)
 the_3dit0r_(at)_yahoo.com, blogcms => 4.0.0 Remote File Include (17.11.2006)
 the_3dit0r_(at)_yahoo.com, eggblog=> 3.1.0 Cross Site Scripting (17.11.2006)
 the_3dit0r_(at)_yahoo.com, BlogTorrent-preview => 0.92 Cross Site Scripting (17.11.2006)
 the_3dit0r_(at)_yahoo.com, Sphpblog => 0.8 Cross Site Scripting (17.11.2006)
 the_3dit0r_(at)_yahoo.com, dev_wms => 1.5 Remote File Include Vulnerabilities (17.11.2006)
 the_3dit0r_(at)_yahoo.com, Bloo => 1.00 Remote File Include Vulnerability (17.11.2006)
 the_3dit0r_(at)_yahoo.com, OdysseusBlog => 1.0.0 Cross Site Scripting (17.11.2006)
 the_3dit0r_(at)_yahoo.com, discloser => 0.0.4 Remote File Include Vulnerabilities (17.11.2006)
 Advisory_(at)_Aria-Security.net, Helm Cross Site Scripting (17.11.2006)
Files:
 discloser => 0.0.4 Remote File Include Vulnerability Exploit
 Myphotos => Remote File Include Vulnerability
 worksystem => Remote File Include Vulnerability Exploit
 My-BIC => 0.6.5 Remote File Include Vulnerability
 RED Blog => Remote File Include Vulnerability Exploit
 RED Blog => Remote File Include Vulnerability Exploit
 Storystream => 4.0 Remote File Include Vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod