PHP, ASP, CGI web applications security vulnerabilities updated since 28.03.2005
Published:		03.04.2005
Source:
SecurityVulns ID:		4613
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

Affected:		SUN : Answerbook2 1.4
		PAFILEDB : paFileDB 3.1
		INVISION : Invision Power Board 2.0
		ASPAPP : PortalApp
		HORDE : Horde 3.0
		PHPCOIN : phpCOIN 1.2
		PHOTOPOST : Photopost 5.0
		ASPRESS : ACS Blog 1.1
		MAGICSCRIPTS : E-Store Kit-2
		EXOOPS : exoops 1.0
		VLADERSOFT : Vladersoft Shopping 3.0
		MAILREADER : mailreader 2.3
		SMARTY : Smarty 2.6
		UAPPLICATION : Ublog 1.0
		CHATNESS : Chatness 2.5
		INTERAKT : MX Shop 1.1
		INTERAKT : MX Kart 1.1
		CPGNUKE : Dragonfly CMS 9.0
		YETANOTHERFORUM : Yet Another Forum.net 0.9
		ALSTRASOFT : EPay Pro 2.0
		ASPDEV : ASP-Dev Forum RC3

Original document		SECUNIA, [SA14701] XMB Script Insertion Vulnerabilities (07.04.2005)
		SECURITEAM, [NT] ASP-Dev Multiple Cross Site Scripting Vulnerabilities (03.04.2005)
		dcrab_(at)_hackerscenter.com, AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities (03.04.2005)
		maty siman, Yet Another Forum.net XSS vulnerabilities (03.04.2005)
		SECUNIA, [SA14748] CPG Dragonfly CMS Two Cross-Site Scripting Vulnerabilities (01.04.2005)
		SECUNIA, [SA14730] Horde Page Title Cross-Site Scripting Vulnerability (01.04.2005)
		SECUNIA, [SA14730] Horde Page Title Cross-Site Scripting Vulnerability (01.04.2005)
		SECUNIA, [SA14770] Squirrelcart PHP Shopping Cart SQL Injection Vulnerabilities (01.04.2005)
		dcrab_(at)_hackerscenter.com, MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities (01.04.2005)
		hoang yen, Invision Power Board v2.0.3 XSS vulnerabilities (31.03.2005)
		dcrab_(at)_hackerscenter.com, Multiple sql injection, and xss vulnerabilities in PortalApp (31.03.2005)
		Pedram hayati, [PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities (31.03.2005)
		Antone Roundy, Code insertion in Blogger comments (31.03.2005)
		JeiAr, Multiple phpCoin Vulnerabilities (31.03.2005)
		Pedram hayati, [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities (31.03.2005)
		GENTOO, [ GLSA 200503-35 ] Smarty: Template vulnerability (31.03.2005)
		DEBIAN, [SECURITY] [DSA 700-1] New mailreader packages fix cross-site scripting vulnerability (31.03.2005)
		dcrab_(at)_hackerscenter.com, PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability (31.03.2005)
		dcrab_(at)_hackerscenter.com, Multiple sql injection, and xss vulnerabilities in Pay pal Storefront (31.03.2005)
		B00B00, Multiple XSS issues in Sun AnswerBook2 (31.03.2005)
		Dan Crowley, Multiple XSS vulnerabilities in ACS Blog (31.03.2005)
		dcrab_(at)_hackerscenter.com, Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS) (31.03.2005)
		dcrab_(at)_hackerscenter.com, Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. (31.03.2005)
		dcrab_(at)_hackerscenter.com, Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0 (31.03.2005)
		SECUNIA, [SA14697] exoops Cross-Site Scripting and SQL Injection Vulnerabilities (28.03.2005)
		CorryL, [Full-disclosure] THai's Shoutbox XSS (Spoofing URL) BUG (28.03.2005)
		dcrab_(at)_hackerscenter.com, File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition (28.03.2005)

Discuss:

Read or add your comments to this news (0 comments)