Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		20.05.2008
Source:		BUGTRAQ
SecurityVulns ID:		9006
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: crossite scripting. Invision Power Board: XSS

Affected:		PHPGEDVIEW : PhpGedView 4.0
		PHPGEDVIEW : PhpGedView 4.1
		INVISION : Invision Power Board 2.3
		APPSERV : AppServ Open Project 2.5
		ECMS : eCMS 0.4
		VBULLETIN : vBulletin 3.7
		STARSGAMES : Starsgames Control Panel 4.6
CVE:		CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors.)

Original document		tan_prathan_(at)_hotmail.com, Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability (20.05.2008)
		DEBIAN, [SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation (20.05.2008)
		a.jasbi_(at)_yahoo.com, Vbulletin 3.7.0 Gold >> Sql injection on faq.php (20.05.2008)
		hadihadi_zedehal_2006_(at)_yahoo.com, eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities (20.05.2008)
		tan_prathan_(at)_hotmail.com, AppServ Open Project < = 2.5.10 Remote XSS Vulnerability (20.05.2008)
		0in.email_(at)_gmail.com, Smeego CMS vulnerability (20.05.2008)
		tan_prathan_(at)_hotmail.com, Wordpress Malicious File Execution Vulnerability (20.05.2008)
		a.jasbi_(at)_yahoo.com, Cpanel all version >> root access with a reseller account. (20.05.2008)
		Noname, xss in ipb 2.3.5 (20.05.2008)

Files:		Smeego CMS Local File Include Exploit
Discuss:		Read or add your comments to this news (0 comments)