Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

| Published: | 02.03.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7332 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | WOLTLAB : Woltlab Burning Board 2.3 |
| | AWEBNEWS : aWebNews 1.1 |
| | VBULLETIN : vBulletin 3.6 |
| | PHPMYFAQ : phpmyfaq 1.6 |
| | ANGELLMS : Angel LMS 7.1 |
| | SERENDIPITY : Serendipity 1.1 |
| | BUILT2GO : Built2Go 1.0 |
| | MANI : Stats Reader 1.2 plugin for Mani |
| | SPAW : spaw 1.2 |
| CVE: | CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.) |
| | CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.) |
| | CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.) |
| | CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.) |
| | CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.) |
| | CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.) |