Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 06.05.2008
Published: 06.05.2008
Source:
SecurityVulns ID: 8968
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: BUGZILLA : Bugzilla 2.20
 QTOFILEMANAGER : QTOFileManager 1.0
 BUGZILLA : Bugzilla 2.22
 LIFETYPE : LifeType 1.2
 BUGZILLA : Bugzilla 3.0
 BUGZILLA : Bugzilla 3.1
 PHPMYADMIN : phpMyAdmin 2.11
 RELAY : Relay 1.0
 MAIAN : Maian Uploader 4.0
 ONLINERENT : Online Rental Property Script 4.5
 POSTNUKE : pnEncyclopedia 0.2 module for PostNuke
 ANSERV : Anserv Auction XL
 SCOUTPORTAL : Scout Portal Toolkit 1.4
 KMITA : Kmita Mail 3.0
 KMITA : Kmita Tellfriend 2.0
CVE: CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows attackers with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.)
Original document: BUGZILLA, Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5 (06.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, [ GLSA 200805-02 ] phpMyAdmin: Information disclosure (06.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, QTOFileManager V 1.0<== Remote File Upload Vulnerability (06.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, Power Editor LOCAL FILE INCLUSION Vulnerbility (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_93$2008] Kmita Tellfriend <= 2.0 (file) Remote File Inclusion Vulnerability (06.05.2008)
 Jose Luis Góngora Fernández, Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_92$2008] Anserv Auction XL (viewfaqs.php cat) Blind Sql Injection Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_90$2008] PostNuke Module pnEncyclopedia <= 0.2.0 (id) Blind Sql Injection Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_95$2008] BackLinkSpider (cat_id) Blind Sql Injection Vulnerability (06.05.2008)
 erdc_(at)_echo.or.id, [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability (06.05.2008)
 irancrash_(at)_gmail.com, Maian Uploader v4.0 XSS Vulnerabilities (06.05.2008)
 irancrash_(at)_gmail.com, LifeType 1.2.8 (06.05.2008)
 MustLive, SQL Injection in Relay (06.05.2008)
 MustLive, SQL Injection and Cross-Site Scripting vulnerabilities in Relay (06.05.2008)
Files: Relay Blind SQL Injection Exploit
 Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod