Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		14.08.2007
Source:
SecurityVulns ID:		8035
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		NEURONBLOG : Neuron Blog 1.1
		WORDPRESS : Pool 1.0 for Wordpress
		PHPCENTRAL : PHPCentral Login Script 1.0
		PHPCENTRAL : PHPCentral Poll Script 1.0
		JOBLISTER : JobLister 3
		EXV2DE : eXV2.de CMS 2.0
		PHPBLUEDRAGON : PHP Blue Dragon CMS 3.0
		DESKPRO : DeskPRO 3.0
CVE:		CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).)

Original document		Hackers Center Security Group, DeskPRO Admin Panel Multiple HTML Injections (14.08.2007)
		Emanuele Gentili, PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability (0dd exploit) (14.08.2007)
		webmaster_(at)_i-s-o.org, eXV2.de Browser Cookie is not properly sanitised (14.08.2007)
		joseph.giron13_(at)_gmail.com, JobLister3 SQL injection vulnerabilities (14.08.2007)
		rizgar_(at)_linuxmail.org, Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability (14.08.2007)
		rizgar_(at)_linuxmail.org, PHPCentral Poll Script Remote Command Execution Vulnerability (14.08.2007)
		rizgar_(at)_linuxmail.org, PHPCentral Login Script Remote Command Execution Vulnerability (14.08.2007)
		MustLive, Vulnerability in theme Pool 1.0.7 for WordPress (14.08.2007)

Files:		Exploits PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability
Discuss:		Read or add your comments to this news (0 comments)