Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		21.05.2007
Source:		BUGTRAQ
SecurityVulns ID:		7729
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		JETBOX : Jetbox CMS 2.1
		GNATS : Gnatsweb 4.00
		HLSTATS : HLstats 1.35
CVE:		CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.)

Original document		securityresearch_(at)_netvigilance.com, [Full-disclosure] Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities (21.05.2007)
		securityresearch_(at)_netvigilance.com, [Full-disclosure] Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities (21.05.2007)
		Cornelius Riemenschneider, [Full-disclosure] SQL-Injection in IP-TRACKING Mod for phpBB2.0.x (21.05.2007)
		john_(at)_martinelli.com, RedLevel Advisory #017 - HLstats v1.35 Cross-Site Scripting Vulnerability #2 (21.05.2007)
		john_(at)_martinelli.com, RedLevel Advisory #016 - HLstats v1.35 Cross-Site Scripting Vulnerability (21.05.2007)
		r0t, Gnats XSS vuln (21.05.2007)

Files:		HLstats v1.35 - Cross-Site Scripting Vulnerability #2
Discuss:		Read or add your comments to this news (0 comments)