Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		16.12.2007
Source:
SecurityVulns ID:		8453
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress: information leakage

Affected:		PHPAY : Phpay 2.02
		HOSTINGCONTROLLE : Hosting Controller 6.1
		WORDPRESS : WordPress 2.2
		WORDPRESS : WordPress 2.3
		TRIVIANTIS : CourseMill 4.1
		BANEX : Banner Exchange 2.2
		CENTREON : Centreon 1.4
		OREON : Oreon 1.4
		PHPRPG : PHP RPG 0.8
		ANONPROXYSERVER : Anon Proxy Server 0.100
CVE:		CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.)

Original document		admin_(at)_biyofrm.com, Adult Script Unauthorized Administrative Access Exploit (16.12.2007)
		MustLive, Information disclosure vulnerabilities in WordPress (16.12.2007)
		th3.r00k_(at)_gmail.com, Anon Proxy Server - Remote Code Execution (16.12.2007)
		th3.r00k_(at)_gmail.com, Wordpress - Broken Access Control (16.12.2007)
		th3.r00k_(at)_gmail.com, PHP RPG - Sql Injection and Session Information Disclosure. (16.12.2007)
		th3.r00k_(at)_gmail.com, Oreon/Centreon - Multiple Remote File Inclusion (16.12.2007)
		th3.r00k_(at)_gmail.com, Phpay - Local File Inclusion (16.12.2007)
		arsalan1991_(at)_gmail.com, PHP MySQL Banner Exchange 2.2.1 remote mysql database bug (16.12.2007)
		swhite_(at)_securestate.com, + Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338 (16.12.2007)
		admin_(at)_bugreport.ir, Hosting Controller - Multiple Security Bugs (Extremely Critical) (16.12.2007)

Discuss:

Read or add your comments to this news (0 comments)