Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:18.06.2007
Source:
SecurityVulns ID:7821
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SMARTISOFT : phpListPro 2.0
 PAPOO : Papoo Light 3.6
 SITELLITE : Sitellite cms 4.2
 EASYNEWS : EasyNews Pro 4.0
 WSPORTAL : WSPortal 1.0
 UTOPIA : Utopia News Pro 1.4
 JNSHOSTS : PHP hosting Biller 1.0
 FUZZYLIME : fuzzylime Forum 1.01
 FUSETALK : FuseTalk 2.0
CVE:CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter.)
 CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.)
 CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.)
Original documentdocumentCharles Kim, Fusetalk SQL injection submission. (18.06.2007)
 documentmaiosyet_(at)_mawk.org, rm@calima.serapis.net (18.06.2007)
 documentmaiosyet_(at)_mawk.org, fuzzylime (forum) XSS (18.06.2007)
 documentmaiosyet_(at)_mawk.org, Webif.cgi local file inclusion (18.06.2007)
 documentrm_(at)_calima.serapis.net, PHP hosting Biller (18.06.2007)
 documentsecurityresearch_(at)_netvigilance.com, [Full-disclosure] Utopia News Pro version 1.4.0 XSS Attack Vulnerability (18.06.2007)
 documentsecurityresearch_(at)_netvigilance.com, [Full-disclosure] WSPortal version 1.0 SQL Injection Vulnerability (18.06.2007)
 documentsecurityresearch_(at)_netvigilance.com, [Full-disclosure] WSPortal version 1.0 Path Disclosure Vulnerability (18.06.2007)
 documenttHe cReW n0 c0ntend3rs, [Full-disclosure] H4CREW-000005 EasyNews Pro 4.0 XSS & CSRF (18.06.2007)
 documentCarcaBot_(at)_CarcaBot.ro, Sitellite cms <= 4.2.12 RFI Vuln (18.06.2007)
 documentCorryL, PhpListPro Persistent XSS Vulnerability (18.06.2007)
 documentNico Leidecker, Papoo CMS - Multiple Cross Site Scripting (18.06.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server