Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		13.12.2007
Source:
SecurityVulns ID:		8441
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Rotabanner: crossite scripting

Affected:		MKPORTAL : MKPortal 1.1
		WORDPRESS : WordPress 2.3
		BRAINHEAD : Brainhead 4.01
		SQUIRELMAIL : SquirrelMail GPG plugin 2.0
		SQUIRELMAIL : SquirrelMail GPG plugin 2.1
		ROUNDCUBE : RoundCube 0.1
		BITWEAVER : Bitweaver 2.0
		FALT4 : Falt4Extreme CMS RC4
		KAYAKO : Kayako SupportSuite
		HTDIG : htdig 3.2
CVE:		CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.)

Original document		Sw33t.h4cK3r_(at)_hotmail.com, SQL MKPortal M1.1 Rc1 (13.12.2007)
		imei, SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS (13.12.2007)
		Abel Cheung, WordPress Charset SQL injection vulnerability (re-resend) (13.12.2007)
		Liquidmatrix Security Digest, Advisory: Websense XSS Vulnerability (13.12.2007)
		bebe_(at)_gmail.com, SQL injection - GestDownV1.00Beta (13.12.2007)
		mesut_(at)_h-labs.org, Falt4 CMS Security Report/Advisory (13.12.2007)
		noreply_(at)_aria-security.net, bttlxeForum Multiple SQL Injection And Cross Site Scripting (13.12.2007)
		Hackers Center Security Group, Bitweaver XSS & SQL Injection Vulnerability (13.12.2007)
		kingoftheworld92_(at)_fastwebnet.it, Flat PHP Board <= 1.2 Multiple Vulnerabilities (13.12.2007)
		Tomas Kuliavas, Unsanitized scripting in RoundCube webmail (13.12.2007)
		Tomas Kuliavas, Two vulnerabilities in SquirrelMail GPG plugin (13.12.2007)
		brainheadbrainhead_(at)_gmx.de, webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability (13.12.2007)
		MustLive, Vulnerabilities in RotaBanner (13.12.2007)

Discuss:

Read or add your comments to this news (0 comments)