Computer Security
[EN] securityvulns.ru



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 06.05.2008
Published: 06.05.2008
Source:
SecurityVulns ID: 8968
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: BUGZILLA : Bugzilla 2.20
 QTOFILEMANAGER : QTOFileManager 1.0
 BUGZILLA : Bugzilla 2.22
 LIFETYPE : LifeType 1.2
 BUGZILLA : Bugzilla 3.0
 BUGZILLA : Bugzilla 3.1
 PHPMYADMIN : phpMyAdmin 2.11
 RELAY : relay 1.0
 MAIAN : Maian Uploader 4.0
 ONLINERENT : Online Rental Property Script 4.5
 POSTNUKE : pnEncyclopedia 0.2 module for PostNuke
 ANSERV : Anserv Auction XL
 SCOUTPORTAL : Scout Portal Toolkit 1.4
 KMITA : Kmita Mail 3.0
 KMITA : Kmita Tellfriend 2.0
CVE: CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows attackers with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.)
Original document: BUGZILLA, Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5 (06.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, [ GLSA 200805-02 ] phpMyAdmin: Information disclosure (06.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, QTOFileManager V 1.0<== Remote File Upload Vulnerability (06.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, Power Editor LOCAL FILE INCLUSION Vulnerbility (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_93$2008] Kmita Tellfriend <= 2.0 (file) Remote File Inclusion Vulnerability (06.05.2008)
 Jose Luis Góngora Fernández, Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_95$2008] BackLinkSpider (cat_id) Blind Sql Injection Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability (06.05.2008)
 irancrash_(at)_gmail.com, Maian Uploader v4.0 XSS Vulnerabilities (06.05.2008)
 irancrash_(at)_gmail.com, LifeType 1.2.8 (06.05.2008)
 MustLive, SQL Injection in Relay (06.05.2008)
 MustLive, SQL Injection and Cross-Site Scripting vulnerabilities in Relay (06.05.2008)
Files: Relay Blind SQL Injection Exploit
 Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit
© SecurityVulns, 3APA3A, Vladimir Dubrovin