Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		05.12.2006
Source:
SecurityVulns ID:		6888
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		CUTEPHP : CuteNews 1.3
		DUWARE : DuPortal 3.4
		PHPMYADMIN : phpmyadmin 2.7
		SMF : Simple Machines Forum 1.1
		DUWARE : DUdForum 3.0
		PHPNEWS : PHPNews 1.3
		LISTPICS : listpics 5
		METYUSOKUL : Metyus Okul Yönetim Sistemi 1.0
		ISMAIL : ISMail 2.0
		ONLINEBOOLMARKS : OnLine Bookmarks 0.6
		VTFORUM : Vt-Forum Lite System 1.3
		HASTYMAIL : Hastymail 1.5
CVE:		CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445.)
		CVE-2006-4445 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion.)

Original document		ISecAuditors Security Advisories, [ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail (05.12.2006)
		h angel, new xss in modbb forum (05.12.2006)
		nj_(at)_hackerz.ir, XSS in JAB Guest Book (05.12.2006)
		nj_(at)_hackerz.ir, Multiple bugs in TFT-Gallery (05.12.2006)
		starext_(at)_msn.com, Vt-Forum Lite System V.1.3 Xss Vuln. (05.12.2006)
		ajannhwt_(at)_hotmail.com, PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting (05.12.2006)
		gamr-14_(at)_hotmail.com, 2[xss]Vulnerabilities in Script Mobile Ac4p.com (05.12.2006)
		Jessica Hope, SMF upload XSS vulnerability (05.12.2006)
		security_(at)_vigilon.com, Online BookMarks Multiple SQL Injection/XSS Vulnerabilities (05.12.2006)
		ISecAuditors Security Advisories, [ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail (05.12.2006)
		ShaFuq31_(at)_HoTMaiL.CoM, Metyus Okul Ynetim Sistemi V.1.0 (tr) Sql injection Vuln. (05.12.2006)
		blasterim_(at)_hotmail.com, listpics v5 (05.12.2006)
		ISecAuditors Security Advisories, [ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS (05.12.2006)
		blasterim_(at)_hotmail.com, KhaledMuratList mdb (05.12.2006)
		emulamex_(at)_hotmail.com, CuteNews 1.3.6 XSS (05.12.2006)
		emulamex_(at)_hotmail.com, PHPNews 1.3.0 XSS (05.12.2006)
		Advisory_(at)_Aria-Security.net, [Aria-Security Team] uGestBook SQL Injection Vuln (05.12.2006)
		Advisory_(at)_Aria-Security.net, [Aria-Security Team] DuWare DuPaypal SQL Injection Vuln (05.12.2006)
		Advisory_(at)_Aria-Security.net, [Aria-Security Team] DuWare DuForum SQL Injection Vuln (05.12.2006)
		Advisory_(at)_Aria-Security.net, [Aria-Security Team] DuWare DuDownloads SQL Injection Vuln (05.12.2006)
		Advisory_(at)_Aria-Security.net, [Aria-Security Team] DuWare DuPortal SQL Injection Vuln (05.12.2006)

Discuss:

Read or add your comments to this news (0 comments)