Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CGI bugs
updated since 29.12.2003
Published: 12.01.2004
Source: BUGTRAQ
SecurityVulns ID: 3336
Type: remote
Level: 5/10

Affected: PHPGROUPWARE : phpGroupWare 0.9
GALLERY : Gallery 1.3
PHORUM : Phorum 3.4
PHPNUKE : PHP-Nuke 7.0
PHPBB : phpBB 2.06
PHPPING : php-ping
MINIBB : miniBB 1.7
VCARD4J : vCard4J
STOITSOV : EasyDynamicPages 2.0
INVISION : Invision Power Board 1.3
POSTNUKE : PostNuke 0.726
HOTNEWS : HotNews 0.7
MANLIX : Manlix SW GuestBook 0.5
VBULLETIN : Vbulletin 2.3
PROMOSI-WEB : ArdGuest Standard 1.6
PHPGEDVIEW : PHPGEDVIEW 2.61
FREZNOSHPO : FreznoShop 1.3
JITTERBUG : jitterbug 1.6
CVE: CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.)

Original document DEBIAN, [Full-Disclosure] [SECURITY] [DSA 420-1] New jitterbug packages fix arbitrary command execution (12.01.2004)

SECURITEAM, [UNIX] FreznoShop Cross Site Scripting Vulnerability (search.php) (09.01.2004)

Calum Power, Multiple Vulnerabilities in Phorum 3.4.5 (09.01.2004)

document Vietnamese Security Group, Vuln in PHPGEDVIEW 2.61 Multi-Problem (09.01.2004)

DEBIAN, [Full-Disclosure] [SECURITY] [DSA 419-1] New phpgroupware packages fix unintended PHP execution and SQL injection (09.01.2004)

Frontal Attack, The Cross Site Scripting inArdGuest Standard (09.01.2004)

document Qianwei Hu, vBulletin Forum 2.3.xx calendar.php SQL Injection (06.01.2004)

Frontal Attack, cgi bugs (06.01.2004)

Dariusz 'Officerrr' Kolasinski, HotNews arbitary file inclusion (06.01.2004)

Security Corporation Security Advisory, [SCSA-025] Invision Power Board SQL Injection Vulnerability (06.01.2004)

document JeiAr, PostNuke Issues (0.726 && Possibly Older) (06.01.2004)

Security Corporation Security Advisory, [SCSA-025] Invision Power Board SQL Injection Vulnerability (04.01.2004)

Vietnamese Security Group, include() vuln in EasyDynamicPages v.2.0 (03.01.2004)

Just1n T1mberlake, Possible XSS vuln in VCard4J (03.01.2004)

document Jay Gates, SQL Injection in phpBB's groupcp.php (30.12.2003)

Chintan Trivedi, Cross Site Scripting vulnerability in miniBB 1.7 (latest) and earlier (30.12.2003)

Jens Liebchen, [Full-Disclosure] php-ping: Executing arbritary commands (29.12.2003)

r00t_(at)_rsteam.ru, PHP-NUKE 7.0 FINAL (and olders) sql injection (29.12.2003)

Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin