Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		03.08.2007
Source:
SecurityVulns ID:		7997
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		OPENWEBMAIL : OpenWebmail 2.52
		PLUCK : Pluck 4.3
		HUNKARAY : Hunkaray Okul Portali 1.1
		JOOMLA : Tour de France Pool 1.0
		LANAI : la-nai cms 1.2
		DVDRENTALSYSTEMS : DVD Rental System 5.1

Original document		edi.strosar_(at)_varnostne-novice.com, [Full-disclosure] DVD Rental System multiple XSS and CSRF vulnerabilities (03.08.2007)
		Advisory_(at)_Aria-Security.net, [Aria-Security.Net] Gallery In A Box Username & Password Parameters SQL Injection (03.08.2007)
		Advisory_(at)_Aria-Security.net, [Aria-Security.Net] Next Gen Portfolio Manager SQL Injection (03.08.2007)
		k1tk4t_(at)_newhack.org, la-nai cms_v1.2.14 - Remote SQL Injection (03.08.2007)
		okan alp, Dynamic PressRelease/getpress.asp sql injection (03.08.2007)
		okan alp, DynamicData(dms)Document&Article Script /dm_browse.asp.asp sql injection (03.08.2007)
		yollubunlar_(at)_yollubunlar.org, our de France Pool 1.0.1 Remote File İnclude Bug (03.08.2007)
		yollubunlar_(at)_yollubunlar.org, Hunkaray Okul Portali v1.1 (tr) Sql injection Vuln (03.08.2007)
		no-reply_(at)_aria-security.net, Pluck 4.3 themes.php Remote File Inclusion and disclosure (03.08.2007)
		r0t, OpenWebMail Multiple XSS vuln. (03.08.2007)

Discuss:

Read or add your comments to this news (0 comments)