Computer Security
[EN] no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:8453
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress: information leakage
Affected:PHPAY : Phpay 2.02
 HOSTINGCONTROLLE : Hosting Controller 6.1
 WORDPRESS : WordPress 2.2
 WORDPRESS : WordPress 2.3
 TRIVIANTIS : CourseMill 4.1
 BANEX : Banner Exchange 2.2
 MERETHIS : Centreon 1.4
 OREON : Oreon 1.4
 ANONPROXYSERVER : Anon Proxy Server 0.100
CVE:CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.)
Original documentdocumentadmin_(at), Adult Script Unauthorized Administrative Access Exploit (16.12.2007)
 documentMustLive, Information disclosure vulnerabilities in WordPress (16.12.2007)
 documentth3.r00k_(at), Anon Proxy Server - Remote Code Execution (16.12.2007)
 documentth3.r00k_(at), Wordpress - Broken Access Control (16.12.2007)
 documentth3.r00k_(at), PHP RPG - Sql Injection and Session Information Disclosure. (16.12.2007)
 documentth3.r00k_(at), Oreon/Centreon - Multiple Remote File Inclusion (16.12.2007)
 documentth3.r00k_(at), Phpay - Local File Inclusion (16.12.2007)
 documentarsalan1991_(at), PHP MySQL Banner Exchange 2.2.1 remote mysql database bug (16.12.2007)
 documentswhite_(at), + Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338 (16.12.2007)
 documentadmin_(at), Hosting Controller - Multiple Security Bugs (Extremely Critical) (16.12.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod