Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.12.2007
Source:
SecurityVulns ID: 8441
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. RotaBanner: cross-site scripting
Affected: MKPORTAL : MKPortal 1.1
 WORDPRESS : WordPress 2.3
 BRAINHEAD : Brainhead 4.01
 SQUIRELMAIL : SquirrelMail GPG plugin 2.0
 SQUIRELMAIL : SquirrelMail GPG plugin 2.1
 ROUNDCUBE : RoundCube 0.1
 BITWEAVER : Bitweaver 2.0
 FALT4 : Falt4Extreme CMS RC4
 KAYAKO : Kayako SupportSuite
 HTDIG : htdig 3.2
CVE: CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.)
Original document: Sw33t.h4cK3r_(at)_hotmail.com, SQL MKPortal M1.1 Rc1 (13.12.2007)
 imei, SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS (13.12.2007)
 Abel Cheung, WordPress Charset SQL injection vulnerability (re-resend) (13.12.2007)
 Liquidmatrix Security Digest, Advisory: Websense XSS Vulnerability (13.12.2007)
 bebe_(at)_gmail.com, SQL injection - GestDownV1.00Beta (13.12.2007)
 mesut_(at)_h-labs.org, Falt4 CMS Security Report/Advisory (13.12.2007)
 noreply_(at)_aria-security.net, bttlxeForum Multiple SQL Injection And Cross Site Scripting (13.12.2007)
 Hackers Center Security Group, Bitweaver XSS & SQL Injection Vulnerability (13.12.2007)
 kingoftheworld92_(at)_fastwebnet.it, Flat PHP Board <= 1.2 Multiple Vulnerabilities (13.12.2007)
 Tomas Kuliavas, Unsanitized scripting in RoundCube webmail (13.12.2007)
 Tomas Kuliavas, Two vulnerabilities in SquirrelMail GPG plugin (13.12.2007)
 brainheadbrainhead_(at)_gmx.de, webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability (13.12.2007)
 MustLive, Vulnerabilities in RotaBanner (13.12.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod