Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.11.2006
Source: BUGTRAQ
SecurityVulns ID: 6847
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: POSTNUKE : PostNuke 0.7
CUREPHP : CuteNews 1.4
ETOMITE : Etomite CMS 0.6
PERLFORUMS : Pearl Forums 2.4
MGAPPLANIX : mg.applanix 1.3
MXBB : mxBB calsnails module 1.06
CONTENTNOW : ContentNow CMS 1.39
IXPRIMCMS : Ixprim CMS 1.2
TELAEN : Telaen 1.1
RAPIDCLASSIFIED : Rapid Classified 3.1
PHPOLL : PHPOLL 0.96
RIALTO : Rialto 1.6
SHOPPINGCATALOG : Shopping_Catalog 0.9
DISCHUNARY : dicshunary 0.1
ENOMPHP : enomphp 4.0
DODOSMAIL : DodosMail 2.0
LOUDMOUTH : LoudMouth 2.4
BIRDBLOG : BirdBlog 1.4
WABBIT : Wabbit PHP Gallery 0.9
MALBUM : mAlbum 0.3
LTWCALENDAR : ltwCalendar 4.2
SEDITIO : Seditio 1.10
LDU : LDU 8.0
PHOTOCART : PhotoCart 3.9
EARK : e-Ark 1.0
PHPPC : phpPC 1.04

Original document iss4m, phpPC 1.04 Multiples Remote File Inclusion (22.11.2006)

Dr Max Virus, Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities (22.11.2006)

irvian, PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability (22.11.2006)

sni-labs_(at)_sni-labs.com, Vulnerability in PostNuke (22.11.2006)

document Mustafa Can Bjorn IPEKCI, Advisory: LDU <= 8.x Remote SQL Injection Vulnerability. (22.11.2006)

Mustafa Can Bjorn IPEKCI, Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability. (22.11.2006)

laurent gaffié, JiRos Links Manager[injection sql & xss permanent] (22.11.2006)

document laurent gaffié, creadirectory [injection sql & xss] (22.11.2006)

laurent gaffié, Link Exchange Lite [injection sql] (22.11.2006)

laurent gaffié, aBitWhizzy [local file include] (22.11.2006)

alireza hassani, [KAPDA]::Security analysis of cutenews 1.4.5 (22.11.2006)

document laurent gaffié, The Classified Ad System [multiple xss & injection sql] (22.11.2006)

the_3dit0r_(at)_yahoo.com, ltwCalendar => 4.2.1 Remote File Include Vulnerabilities (22.11.2006)

the_3dit0r_(at)_yahoo.com, my little weblog => Cross Site Scripting (22.11.2006)

laurent gaffié, Classified System [injection sql] (22.11.2006)

document tux025_(at)_gmail.com, mAlbum v0.3 Multiple vulnerabilitizzz (22.11.2006)

the_3dit0r_(at)_yahoo.com, Wabbit PHP Gallery => 0.9 Remote Traversal Directory (22.11.2006)

the_3dit0r_(at)_yahoo.com, BirdBlog => v1.4.0 Cross Site Scripting (22.11.2006)

the_3dit0r_(at)_yahoo.com, LoudMouth => 2.4 Remote File Include Vulnerabilities (22.11.2006)

document the_3dit0r_(at)_yahoo.com, Telaen => 1.1.0 Remote File Include Vulnerability (22.11.2006)

laurent gaffié, klf-realty [injection sql] (22.11.2006)

the_3dit0r_(at)_yahoo.com, enomphp => 4.0 Remote Traversal Directory (22.11.2006)

Advisory_(at)_Aria-Security.net, gNews Publisher SQL Injection Vulnerabilites (22.11.2006)

document laurent gaffié, Rialto 1.6[admin login bypass & multiples injections sql] (22.11.2006)

laurent gaffié, eClassifieds [injection sql] (22.11.2006)

the_3dit0r_(at)_yahoo.com, PHPOLL => 0.96 Cross Site Scripting (22.11.2006)

laurent gaffié, ehomes [multiples injections sql] (22.11.2006)

document ajannhwt_(at)_hotmail.com, ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability (22.11.2006)

bluespy.ok_(at)_gmail.com, PhpBB Module Dimension Remote File Include (22.11.2006)

vitux.manis_(at)_gmail.com, Ixprim CMS 1.2 Remote File Include Vulnerability (22.11.2006)

document revenge, ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities (22.11.2006)

revenge, ContentNow CMS 1.39 'pageid' Sql Injection + Path Disclosure Vulnerabilities (22.11.2006)

revenge, Etomite CMS 0.6.1.2 Vulnerabilities + ContenNow 1.39 Vulnerabilities + Exploits (22.11.2006)

Files: Telaen => 1.1.0 Remote File Include Vulnerability Exploit
Shopping_Catalog Remote File Include exploit
DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit
e-Ark project Remote File Inclusion Exploit
dicshunary 0.1 alpha Remote File Inclusion Exploit
Exploits Etomite CMS Remote Command Execution
Exploits Etomite CMS "id" SQL Injection
Exploits ContentNow "pageid" Sql Injection
mg.applanix <= 1.3.1 Remote File Include Exploit
mxBB calsnails module 1.06 Remote File Inclusion Exploit
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin