Computer Security
[EN] securityvulns.ru



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.04.2007
Source: BUGTRAQ
SecurityVulns ID: 7577
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: CHATNESS : Chatness 2.5
 DOTCLEAR : Dotclear 1.2
 OPENADS : Openads 2.0
 OPENADS : Max Media Manager 0.1
 OPENADS : Max Media Manager 0.3
 MEPHISTO : mephisto 0.7
 TUMUSIKA : TuMusika Evolution 1.6
 PHPWEBNEWS : phpwebnews 1
 FAC : FAC GuestBook 2.0
 OPENADS : Max Media Manager 0.2
 AFTERLOGIC : MailBee WebMail Pro 3.4
 PHPNUKE : Virtual War 1.5 module for PHP-Nuke
CVE: CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.)
 CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.)
Original document: Janek Vind, [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke (13.04.2007)
 Aesthetico, [MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting Issue (13.04.2007)
 nssimo nssimo, [Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability (13.04.2007)
 Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-003] Openads 2.0.11 vulnerability fixed (13.04.2007)
 Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-004] Max Media Manager v0.1.29-rc and v0.3.31-alpha-pr2 vulnerability fixed (13.04.2007)
 the_3dit0r_(at)_yahoo.com, FAC GuestBook v2.0 remote database disclosure vulnerability (13.04.2007)
 the_3dit0r_(at)_yahoo.com, phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites (13.04.2007)
 the_3dit0r_(at)_yahoo.com, TuMusika Evolution 1.6 Cross Site Scripting Vulnerabilitiy (13.04.2007)
 Hanno Bock, Cross site scripting in mephisto 0.7.3 (13.04.2007)
Files: Exploits Chatness <= 2.5.3 - Arbitrary Code Execution