| Affected: |  | GUPPY : Guppy 4.5 |
| |  | XERO : Xero Portal 1.2 |
| |  | WEBWFLOG : Webfwlog 0.92 |
| |  | PHPMYTOOLS : phpMyReports 3.0 |
| |  | VIRTUALPATH : Virtual Path 1.0 |
| |  | BRADABRA : Bradabra 2.0 |
| |  | CVSTRAC : CVSTrac 2.0 |
| |  | ECLIPSEBB : EclipseBB 0.5 |
| |  | FORODOMUS : Foro Domus 2.10 |
| |  | CHERNOBILE : chernobiLe Portal 1.0 |
| |  | ACGV : ACGVannu 1.3 |
| |  | ACGV : ACGVclick 0.2 |
| |  | XDEV : xNews 1.3 |
| |  | DRUNKEN : Golem Portal 0.5 |
| |  | XTSTATS : Xt-Stats 2.3 |
| |  | AINS : AINS 0.02 |
| |  | MYPHPCOMMANDER : MyPHPcommander 2.0 |
| |  | PHPROXY : PHProxy 0.5 |
| |  | ONNAC : Oh no! Not another CMS 0.0 |
| |  | PHPUPLOADER : Tuan Do Uploader 6 |
| CVE: |  | CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) |
| |  | CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information.) |
| |  | CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].) |
| |  | CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) |
| |  | CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.) |
| |  | CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.) |
| |  | CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field.) |
| |  | CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.) |
| |  | CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.) |
| |  | CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.) |
| |  | CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter.) |
| |  | CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter.) |
| |  | CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.) |
| |  | CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter.) |
| |  | CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter.) |
| |  | CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action.) |
| |  | CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.) |
| |  | CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/.) |
| |  | CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information.) |
| |  | CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter.) |
| |  | CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.) |
| |  | CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.) |
| |  | CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.) |
| Original document: |  | Ralf S. Engelschall, [Full-disclosure] CVSTrac 2.0.0 Denial of Service (DoS) vulnerability (30.01.2007) |
| |  | Cold Zero, MyPHPcommander 2.0 (package.php) Remote File Include Vulnerability (29.01.2007) |
| |  | ThE dE@Th, AINS 0.02b (ains_main.php ains_path) Remote File Include Vulnerability (29.01.2007) |
| |  | ThE dE@Th, Xt-Stats v.2.4.0.b3 (server_base_dir) Remote File Include Vulnerability (29.01.2007) |
| |  | adak.hacking_(at)_yahoo.com, nsGalPHP (includes/config.inc.php racineTBS) Remote Inclusion Vuln: (29.01.2007) |
| |  | ajannhwt_(at)_hotmail.com, xNews 1.3 (xNews.php) Remote Blind SQL Injection Vulnerability (29.01.2007) |
| |  | ajannhwt_(at)_hotmail.com, ACGVclick <= 0.2.0 (path) Remote File Include Vulnerability (29.01.2007) |
| |  | ajannhwt_(at)_hotmail.com, ACGVannu <= 1.3 (index2.php) Remote User Pass Change Vulnerability (29.01.2007) |
| |  | ajannhwt_(at)_hotmail.com, chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability (29.01.2007) |
| |  | x0r0n_(at)_hotmail.com, PhP Generic library & framework (include_path) Remote File Include Exploit (29.01.2007) |
| |  | GolD_M, Bradabra <= 2.0.5 (include/includes.php) Remote Inclusion Vulnerability (29.01.2007) |
| |  | GolD_M, Virtual Path 1.0 (vp/configure.php) Remote File Include Vulnerability (29.01.2007) |
| |  | GolD_M, phpMyReports <= 3.0.11 (lib_head.php) Remote File Include Vulnerability (29.01.2007) |
| |  | GolD_M, Webfwlog <= 0.92 (debug.php) Remote File Disclosure Vulnerability (29.01.2007) |