Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.12.2007
Published:		24.12.2007
Source:		BUGTRAQ
SecurityVulns ID:		8482
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress <= 2.0.9: crossite scripting.

Affected:		WBB : Woltlab Burning Board Lite 1.0
		CUREPHP : CuteNews 1.4
		TIKIWIKI : tikiwiki 1.9
		WORDPRESS : WordPress 2.0
		JUPITERPORTAL : Jupiter Cms 1.1
		ISUPPORT : iSupport 1.8
		ABI : ABI 3.7
		PHPICALENDAR : PHP iCalendar 2.24
		DOKEOS : Dokeos 1.8

Original document		malibu.r_(at)_hotmail.com, Logaholic Web Analytics Software (24.12.2007)
		admin_(at)_bugreport.ir, Jupiter Cms Multiple Vulnerabilities (24.12.2007)
		Janek Vind, [waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5 (24.12.2007)
		ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack (24.12.2007)
		mesut_(at)_h-labs.org, Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability (24.12.2007)
		beenudel1986_(at)_gmail.com, My Blog Rfi (24.12.2007)
		Hackers Center Security Group, [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities (24.12.2007)
		MustLive, Cross-Site Scripting vulnerabilities in WordPress (24.12.2007)
		root_(at)_hanicker.it, Moodle SQL Injection (21.12.2007)
		nbbn_(at)_gmx.net, Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability (21.12.2007)
		Jose Luis Góngora Fernández, PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability (21.12.2007)
		lolo lolo, SiteScape Forum TCL injection (21.12.2007)
		The-0utl4w-noreply_(at)_aria-security.net, [Aria-Security.net] ABI Version 3.7.9.17 Remote SQL Injection (21.12.2007)
		ahcrew_(at)_gmail.com, iSupport v1.8 Local file include vulnerability (21.12.2007)

Discuss:

Read or add your comments to this news (0 comments)