Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		18.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8797
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPSTATS : phpstats 0.1
		IKIWIKI : ikiwiki 1.33
		IKIWIKI : ikiwiki 2.31
		EFORUM : eForum 0.4
		CPANEL : cPanel 11.18
CVE:		CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.)
		CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.)
		CVE-2008-0125

Original document		xx_hack_xx_2004_(at)_hotmail.com, cPanel 11.x => List Directories and Folders (18.03.2008)
		omnipresent_(at)_email.it, eForum 0.4 XSS (18.03.2008)
		DEBIAN, [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting (18.03.2008)
		Hanno Bock, Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125 (18.03.2008)

Discuss:

Read or add your comments to this news (0 comments)