Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 20.12.2006
Source:
SecurityVulns ID: 6960
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: WAGORA : W-Agora 4.1
NOVELL : Netware 6.5
VALDERSOFT : Valdersoft Shopping Cart 3.0
TYPO3 : TYPO3 4.0
EYEOS : eyeOS 0.9
OBIEWEBSITE : Mini Web Shop 2.1
PARISTEMI : Paristemi 0.8
PHPPROFILES : phpProfiles 3.1
AZUCARCMS : Azucar CMS 1.3
CWMDESIGN : cwmVote 1.0
CWMDESIGN : cwmExplorer 1.0
CWMDESIGN : cwmCounter 1.0
VERLIADMIN : VerliAdmin 0.3
CVE: CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.)
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.)

Original document SECUNIA, [SA23406] Novell NetWare Welcome web-app Cross-Site Scripting Vulnerability (20.12.2006)

SECUNIA, [SA23388] eyeOS File Upload Vulnerability (20.12.2006)

ajannhwt_(at)_hotmail.com, cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability (20.12.2006)

bd0rk_(at)_hackermail.com, cwmVote 1.0 File Include Vulnerability (20.12.2006)

document Cold Zero, PHPFanBase (protection.php) Remote File Include Vulnerability (20.12.2006)

nuffsaid, Azucar CMS <= 1.3 (_VIEW) Remote File Include Vulnerability (20.12.2006)

nuffsaid, phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities (20.12.2006)

nuffsaid, Paristemi 0.8.3b (buycd.php) Remote File Include Vulnerability (20.12.2006)

document bilkopat_(at)_hotmail.com, Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include (20.12.2006)

Daniel Fabian, [Full-disclosure] SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability (20.12.2006)

xx_hack_xx_2004_(at)_hotmail.com, Multiple Bugs in MINI WEB SHOP (20.12.2006)

document ShaFuq31_(at)_HoTMaiL.CoM, Burak Yilmaz Download Portal Sql Injection Vuln. (20.12.2006)

l.d.0_(at)_hotmail.com, xss in Support Cards v1 ( oSTicket ) (20.12.2006)

MustLive, Vulnerabilities в W-Agora (20.12.2006)

webmaster666_(at)_email.it, MkPortal Urlobox Cross Site Request Forgery (20.12.2006)

Files: Exploits PHPUpdate <= 2.7 extract() auth bypass / shell inject
VerliAdmin <= 0.3 File Include Exploit
cwmCounter Remote File Include Exploit
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod