Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		28.10.2007
Source:
SecurityVulns ID:		8297
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: directory traversal in autohtml.php and autohtml0.php allows to obtain password hashes. By requesting non-existant file it's possible to disclosure installation directory.

Affected:		PHPNUKE : PHP-Nuke 8.1
		MICROLOGIN : Micro Login System 1.0

Original document		Guns_(at)_0x90.com.ar, Micro Login System v1.0 (userpwd.txt) Password Disclosure Vulnerability (28.10.2007)
		MustLive, Local File Inclusion and Information Leakage vulnerabilities in PHP-Nuke (28.10.2007)

Discuss:

Read or add your comments to this news (0 comments)