| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: | 12.09.2006 |
| Source: | |
| SecurityVulns ID: | 6599 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | SIPS : SIPS 0.2 |
| | POPPER : Popper 1.41 |
| | TIKIWIKI : tikiwiki 1.9 |
| | CNEWS : C-News 1.0 |
| | PHPLINKEXCHANGE : PhpLinkExchange 1.0 |
| | RAIDENHTTPD : RaidenHTTPD 1.1. |
| | CCLEAGUE : CCleague Pro Sports CMS 1.0 |
| | VIVVO : Vivvo Article Manager 3.2 |
| | SOCKETWIZ : Socketwiz Bookmarks 2.0 |
| | OPENICMS : OPENi-CMS 1.0 |
| | P4CMS : p4CMS 1.05 |
| Original document | SHiKaA-_(at)_hotmail.com, p4CMS <= v1.05 (abs_pfad) Remote File Inclusion Exploit (12.09.2006) |
| | SHiKaA-_(at)_hotmail.com, Popper <= v1.41 (form) Remote File Inclusion Exploit (12.09.2006) |
| | SECUNIA, [SA21826] Stefan E. Newsscript Multiple Vulnerabilities (12.09.2006) |
| | basher13_(at)_linuxmail.org, OPENi-CMS 1.0.1(config) Remote File Inclusion Vulnerability (12.09.2006) |
| | info_(at)_kahramanhost.com, phpWordPress (Vivvo Article Manager) (12.09.2006) |
| | Omid, Sql injection in Tikiwiki (12.09.2006) |
| | chris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #8 - Mcgallerypro (path_to_folder) Remote File Inclusion (12.09.2006) |
| | the.leo.008_(at)_gmail.com, C-News v 1.0.1 < = Multiple Remote File Include Vulnerabilities (12.09.2006) |
| | the.leo.008_(at)_gmail.com, SIPS v 0.2.2 < = Remote File Include Vulnerability (12.09.2006) |
| | HACKERS PAL, HotPlug CMS Config File Include Vulnerability (12.09.2006) |
| | l0x3_(at)_hotmail.com, PayProCart <= 1146078425 Multiple Remote File Include Vulnerabilities (12.09.2006) |

| Invalid Lotus Domino Web access session cookie handling |
| Published: | 12.09.2006 |
| Source: | FULL-DISCLOSURE |
| SecurityVulns ID: | 6601 |
| Type: | remote |
| Level: | 4/10 |
| Description: | Server accepts session cookie after user logout. |
| Affected: | IBM : Lotus Domino Web Access 7.0 |
| CVE: | CVE-2007-1740 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4843. Reason: This candidate is a duplicate of CVE-2006-4843. Notes: All CVE users should reference CVE-2006-4843 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.) |
| | CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.) |