Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		03.04.2009
Source:
SecurityVulns ID:		9793
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MOODLE : Moodle 1.8
		MOODLE : Moodle 1.9
		OPENX : OpenX 2.6
		FAMILYCMS : Family Connections 1.8
		ASBRUSOFT : Asbru Web Content Management 6.5
		ASBRUSOFT : Asbru Web Content Management 6.6
		FILETHINGIE : File Thingie 2.5
		OPENX : OpenX 2.7
		Q2SOLUTIONS : ConnX 4.0
CVE:		CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.)

Original document		rgod, glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit (03.04.2009)
		Patrick Webster, Q2 Solutions ConnX - SQL Injection Vulnerability (03.04.2009)
		OPENX, [OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities (03.04.2009)
		publists_(at)_enablesecurity.com, OpenX 2.6.4 multiple vulnerabilities (03.04.2009)
		laurent.desaulniers_(at)_gmail.com, OSCommerce Session Fixation Vulnerability (03.04.2009)
		XiaShing_(at)_gmail.com, Remote access vulnerability using File Thingie v2.5.4 (03.04.2009)
		Salvatore "drosophila" Fresta, Family Connections 1.8.2 Arbitrary File Upload (03.04.2009)
		Patrick Webster, Asbru Web Content Management Vulnerabilities (03.04.2009)
		DEBIAN, [SECURITY] [DSA 1761-1] New moodle packages fix file disclosure (03.04.2009)

Files:		Family Connections <= 1.8.2 - Remote Shell Upload Exploit
		glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit
Discuss:		Read or add your comments to this news (0 comments)