Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		11.01.2007
Source:
SecurityVulns ID:		7037
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPBB : phpBB 2.0
		JSHOP : Jshop Server 1.3
		WORDPRESS : WordPress 2.0
		PHPMYADMIN : phpmyadmin 2.9
		SAZCART : SazCart 1.5
		CSCART : CS-Cart 1.3
		MOTIONBORG : MOTIONBORG Web Real Estate 2.1
		UNIFORUM : uniForum 4
		AXIOM : Axiom 0.8
		MEDIAWIKI : MediaWiki 1.6
		MEDIAWIKI : MediaWiki 1.7
		MEDIAWIKI : MediaWiki 1.8
CVE:		CVE-2007-0232 (PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.)
		CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.)
		CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).)
		CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information,)
		CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.)
		CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.)
		CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.)
		CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
		CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.)
		CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.)

Original document		info_(at)_burnhead.it, phpBB (privmsg.php) XSS Exploit (11.01.2007)
		irvian_(at)_presiden.com, Jshop Server 1.3 (11.01.2007)
		ajannhwt_(at)_hotmail.com, uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability (11.01.2007)
		ajannhwt_(at)_hotmail.com, MOTIONBORG Web Real Estate <= v2.1 Remote SQL Injection Vulnerability (11.01.2007)
		irvian, shop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability (11.01.2007)
		IbnuSina, sazcart v1.5 (cart.php) Remote File include (11.01.2007)
		ahmed_labib_hilmy_(at)_yahoo.com, CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability (11.01.2007)

Files:		Exploits Axiom 0.8.6 photo gallery (template.php)Remote File Include Vulnerability
		Wordpress <= 2.0.6 wp-trackback.php Zend_Hash_Del_Key_Or_Index sql injection admin hash disclosure exploit
Discuss:		Read or add your comments to this news (0 comments)