Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:8598
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Relay: SQL injection and cross-site scripting.
Affected: WOLTLAB : Woltlab Burning Board 2.3
 TIKIWIKI : tikiwiki 1.9
 RELAY : Relay 1.0
 WORDPRESS : Dean’s Permalinks Migration 1.0
 WEBWIZ : Web Wiz Forums 9.07
 WEBWIZ : Web Wiz Rich Text Editor 4.0
 WEBWIZ : Web Wiz NewsPad 1.02
CVE: CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.)
 CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.)
 CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.)
Original document: 0in.email_(at), Tiger PHP News System SQL Injection (24.01.2008)
 GENTOO, [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities (24.01.2008)
 nbbn_(at), Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability (24.01.2008)
 admin_(at), Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server (24.01.2008)
 admin_(at), Web Wiz NewsPad Directory traversal (24.01.2008)
 admin_(at), Web Wiz Forums Directory traversal (24.01.2008)
 g30rg3_x, XSRF under Dean’s Permalinks Migration 1.0 (24.01.2008)
 MustLive, New vulnerabilities in Relay (24.01.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod