Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		06.10.2008
Source:
SecurityVulns ID:		9332
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		IFOTO : iFoto 1.0
		CMME : CMME 1.19
		HAMMERSOFTWARE : MetaGauge 1.0
		MONO : Mono 2.0
		PHPWEBEXPLORER : PHPWebExplorer 0.99
CVE:		CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.)
		CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.)

Original document		Brad Antoniewicz, PHPWebExplorer <= 0.09b: Local File Inclusion Vulnerability (06.10.2008)
		Brad Antoniewicz, MetaGauge 1.0.0.17 Directory Traversal (06.10.2008)
		admin_(at)_bugreport.ir, CMME Multiple Information disclosure vulnerabilities (06.10.2008)
		Pepelux, iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability (06.10.2008)
		Ghost hacker, Website Directory - XSS Exploit (06.10.2008)

Files:		Website Directory - XSS Exploit
Discuss:		Read or add your comments to this news (0 comments)