Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 7821
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SMARTISOFT : phpListPro 2.0
 PAPOO : Papoo Light 3.6
 SITELLITE : Sitellite cms 4.2
 EASYNEWS : EasyNews Pro 4.0
 WSPORTAL : WSPortal 1.0
 UTOPIA : Utopia News Pro 1.4
 JNSHOSTS : PHP hosting Biller 1.0
 FUZZYLIME : fuzzylime Forum 1.01
 FUSETALK : FuseTalk 2.0
CVE: CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter.)
 CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.)
 CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.)
Original document: Charles Kim, Fusetalk SQL injection submission. (18.06.2007)
 maiosyet_(at), [email protected] (18.06.2007)
 maiosyet_(at), fuzzylime (forum) XSS (18.06.2007)
 maiosyet_(at), Webif.cgi local file inclusion (18.06.2007)
 rm_(at), PHP hosting Biller (18.06.2007)
 securityresearch_(at), [Full-disclosure] Utopia News Pro version 1.4.0 XSS Attack Vulnerability (18.06.2007)
 securityresearch_(at), [Full-disclosure] WSPortal version 1.0 SQL Injection Vulnerability (18.06.2007)
 securityresearch_(at), [Full-disclosure] WSPortal version 1.0 Path Disclosure Vulnerability (18.06.2007)
 tHe cReW n0 c0ntend3rs, [Full-disclosure] H4CREW-000005 EasyNews Pro 4.0 XSS & CSRF (18.06.2007)
 CarcaBot_(at), Sitellite cms <= 4.2.12 RFI Vuln (18.06.2007)
 CorryL, PhpListPro Persistent XSS Vulnerability (18.06.2007)
 Nico Leidecker, Papoo CMS - Multiple Cross Site Scripting (18.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod