Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		21.11.2007
Source:
SecurityVulns ID:		8368
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Nucleus: CAPTCHA protection bypass.

Affected:		NUCLEUS : Nucleus 3.01
		PHPMYADMIN : phpMyAdmin 2.11
CVE:		CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.)
		CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.)

Original document		no-reply_(at)_aria-security.net, [Aria-Security.Net] VU Case Manager "Username/Password" SQL Injection (21.11.2007)
		no-reply_(at)_aria-security.net, Aria-Security.Net: VU Mailer (Mass Mail) "Password" SQL Injection (21.11.2007)
		MANDRIVA, [ MDKSA-2007:229 ] - Updated phpMyAdmin packages fix multiple vulnerabilities (21.11.2007)
		MustLive, MoBiC-20: Nucleus CAPTCHA bypass (21.11.2007)

Discuss:

Read or add your comments to this news (0 comments)