Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 31.08.2006
Source:
SecurityVulns ID: 6559
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: OSCOMMERCE : osCommerce 2.2
EZCONTENTS : ezContents 2.0
IWEBNEGAR : IwebNegar 1.1
EXBB : ExBB 1.9
PHPATM : phpAtm 1.21
NUKEDKLAN : Nuked-Klan 1.7
CUBECART : CubeCart 3.0
MYBB : MyBB 1.1
HLSTATS : HLStats 1.34
ZTML : Ztml 1.0
YACS : YACS CMS 6.6
PHEAP : Pheap CMS 1.1
DMO : dmo 2.3
CVE: CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.)

Original document erdc_(at)_echo.or.id, [ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion (31.08.2006)

SECUNIA, [SA21659] CubeCart Multiple Vulnerabilities (31.08.2006)

MILW0RM, phpAtm <= 1.21 (include_location) Remote File Include Vulnerabilities (31.08.2006)

document MILW0RM, YACS CMS <= 6.6.1 context[path_to_root] Remote File Include Vuln (31.08.2006)

Chris Travers, SQL-Ledger serious security vulnerability and workaround (31.08.2006)

Hessam Salehi, Ezportal/Ztml v1.0 Multiple vulnerabilities (31.08.2006)

Hessam Salehi, IwebNegar v1.1 Multiple vulnerabilities (31.08.2006)

document blwood_(at)_skynet.be, Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed (31.08.2006)

blwood_(at)_skynet.be, Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed (31.08.2006)

MC Iglo, XSS in HLstats 1.34 (31.08.2006)

farhad koosha, [KAPDA::#56] - FREEKOT SQL Injection Vulnerability (31.08.2006)

document gmdarkfig_(at)_gmail.com, ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS (31.08.2006)

Jonathan Rockway, feedsplitter considered harmful (31.08.2006)

imei, [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack (31.08.2006)

imei, [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack (31.08.2006)

Files: Exploit osCommerce < 2.2 Milestone 2 060817
Pheap CMS <= 1 (lpref) Remote File Include Exploit
Exploits DMO: Lanifex Database of Managed Objects <= 2.3 Beta (_incMgr) Remote File Include Vulnerability
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server