Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.05.2007
Published: 25.05.2007
Source:
SecurityVulns ID: 7737
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: BOASTMACHINE : BoastMachine 3.0
CUBECART : CubeCart 3.0
JETBOX : Jetbox CMS 2.1
WORDPRESS : WordPress 2.1
PSYCHOSTATS : PsychoStats 3.0
HLSTATS : HLstats 1.35
CLONUSWIKI : ClonusWiki 0.5
GMTT : GMTT Music Distro 1.2
PHPPGADMIN : phpPgAdmin 4.1
ABC : ABC Excel Parser 4.0
2ZPROJECT : 2z project 0.9
WIYS : WIYS 1.0
GFORGE : gforge-plugin-scmcvs 4.5
CVE: CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.)

Original document DEBIAN, [SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution (25.05.2007)

vagrant Pest, WIYS v1.0 Cross-Site Scripting Vulnerability - (05.24.2007) (NEW) (25.05.2007)

Janek Vind, [waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5 (25.05.2007)

document the_3dit0r_(at)_yahoo.com, ABC Excel Parser Pro v4.0 Remote File Include Exploit (25.05.2007)

vagrant Pest, BoastMachine v3.0 platinum - Session İd Hacking (25.05.2007)

john_(at)_martinelli.com, RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability (25.05.2007)

document Cornelius Riemenschneider, SQL-Injection in IP-TRACKING Mod for phpBB2.0.x (25.05.2007)

the_3dit0r_(at)_yahoo.com, phpPgAdmin-4.1.1 Remote File Include & Url Redirecting Vulnerabilitiy (25.05.2007)

john_(at)_martinelli.com, RedLevel Advisory #020 - HLstats v1.35 Cross-Site Scripting Vulnerability #3 (25.05.2007)

document john_(at)_martinelli.com, RedLevel Advisory #018 - RM EasyMail Plus - Cross-Site Scripting Vulnerability #2 (25.05.2007)

CorryL, GMTT Music Distro 1.2 XSS Exploit (25.05.2007)

john_(at)_martinelli.com, RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities (25.05.2007)

document Janek Vind, [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3 (25.05.2007)

securityresearch_(at)_netvigilance.com, Jetbox CMS version 2.1 XSS Attack Vulnerability (25.05.2007)

john_(at)_martinelli.com, RedLevel Advisory #022 - ClonusWiki .5 Cross-Site Scripting Vulnerability (25.05.2007)

Files: Exploits ClonusWiki .5 - Cross-Site Scripting Vulnerability
Exploits HLstats v1.35 - Cross-Site Scripting Vulnerability #3
ABC Excel Parser v4.0 Remote File Include Exploit
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin