Computer Security
[EN] securityvulns.ru



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.05.2007
Published: 25.05.2007
Source:
SecurityVulns ID: 7737
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: BOASTMACHINE : BoastMachine 3.0
 CUBECART : CubeCart 3.0
 JETBOX : Jetbox CMS 2.1
 WORDPRESS : WordPress 2.1
 PSYCHOSTATS : PsychoStats 3.0
 HLSTATS : HLstats 1.35
 CLONUSWIKI : ClonusWiki 0.5
 GMTT : GMTT Music Distro 1.2
 PHPPGADMIN : phpPgAdmin 4.1
 ABC : ABC Excel Parser 4.0
 2ZPROJECT : 2z project 0.9
 WIYS : WIYS 1.0
 GFORGE : gforge-plugin-scmcvs 4.5
CVE: CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.)
Original documents: DEBIAN, [SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution (25.05.2007)
 vagrant Pest, WIYS v1.0 Cross-Site Scripting Vulnerability - (05.24.2007) (NEW) (25.05.2007)
 Janek Vind, [waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5 (25.05.2007)
 the_3dit0r_(at)_yahoo.com, ABC Excel Parser Pro v4.0 Remote File Include Exploit (25.05.2007)
 vagrant Pest, BoastMachine v3.0 platinum - Session İd Hacking (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability (25.05.2007)
 Cornelius Riemenschneider, SQL-Injection in IP-TRACKING Mod for phpBB2.0.x (25.05.2007)
 the_3dit0r_(at)_yahoo.com, phpPgAdmin-4.1.1 Remote File Include & Url Redirecting Vulnerabilitiy (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #020 - HLstats v1.35 Cross-Site Scripting Vulnerability #3 (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #018 - RM EasyMail Plus - Cross-Site Scripting Vulnerability #2 (25.05.2007)
 CorryL, GMTT Music Distro 1.2 XSS Exploit (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities (25.05.2007)
 Janek Vind, [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3 (25.05.2007)
 securityresearch_(at)_netvigilance.com, Jetbox CMS version 2.1 XSS Attack Vulnerability (25.05.2007)
 john_(at)_martinelli.com, RedLevel Advisory #022 - ClonusWiki .5 Cross-Site Scripting Vulnerability (25.05.2007)
Files: Exploits ClonusWiki .5 - Cross-Site Scripting Vulnerability
 Exploits HLstats v1.35 - Cross-Site Scripting Vulnerability #3
 ABC Excel Parser v4.0 Remote File Include Exploit
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


