PHP, ASP, CGI web applications security vulnerabilities updated since 09.03.2005
Published:		13.03.2005
Source:
SecurityVulns ID:		4559
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

Affected:		PHPBB : phpBB 2.0
		XOOPS : xoops 2.0
		PAFILEDB : paFileDB 3.1
		MCNEWS : mcNews 1.3
		PHPBB : UBBThreads 6.2
		PHORUM : Phorum 5.0
		PHPMYFAQ : phpMyFAQ 1.4
		HOSTINGCONTROLLE : Hosting Controller 6.1
		STADTAUS : Form Mail Script 2.3
		WFSECTIONS : wfsections 1.07
		PHPFUSION : PHP-Fusion 5.01
		PHPWEBLOG : phpWebLog 0.5
		PROJECTBB : ProjectBB 0.4
		OUTSTART : PE
		EXPERIENCE2 : eXPerience2
		SOCIALMPN : SocialMPN 1.2
		BERLIOS : iPhoto 0.2
		WEBINSTA : WEBInsta 1.3
		PHOTOPOST : Photopost 5.0
		HOLACMS : Hola CMS 1.4
		ACTIVECAMPAIGN : KnowledgeBase
		SPINWORKS : Spinworks Application Server 3.0

Original document		SECUNIA, [SA14579] Spinworks Application Server Web Server Denial of Service (14.03.2005)
		Francisco Alisson, KnowledgeBase (14.03.2005)
		farhad koosha, aeNovo Database Content Disclosure Vulnerability (14.03.2005)
		sp3x_(at)_securityreason.com, [SECURITYREASON.COM] Mass Full Path Disclosure in paFileDB (14.03.2005)
		Virginity Security, Virginity Security Advisory 2005-001 : Hola CMS - File destruction and System access (13.03.2005)
		mozako, [badroot.org] The Includer remote commands execution exploit (13.03.2005)
		Igor Franchuk, PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities (13.03.2005)
		sp3x_(at)_securityreason.com, [SECURITYREASON.COM] SQL injection and XSS in paFileDB (13.03.2005)
		Maksymilian Arciemowicz, [SECURITYREASON.COM][phpBB 2.0.13 SQL error in session cXIb8O3.8] (13.03.2005)
		kreon, UBB.threads 6 SQL Injection (13.03.2005)
		SECUNIA, [SA14554] Phorum Unspecified Cross-Site Scripting Vulnerability (11.03.2005)
		kreon, Wfsection 1.07 vulnerabilities (11.03.2005)
		SECUNIA, [SA14550] WEBInsta Mailing list manager "absolute_path" Arbitrary File Inclusion (10.03.2005)
		SECUNIA, [SA14401] iPhoto CopperExport Plugin "xp_publish.php" SQL Injection (09.03.2005)
		SECUNIA, [SA14516] phpMyFaq "username" SQL Injection Vulnerability (09.03.2005)
		ahmad muammar, Remote Testing SocialMPN Remote File Inclusion by y3dips (09.03.2005)
		Francisco Alisson, Multiples Vulnerabilities (09.03.2005)
		Altrus Wollesen, PE Multiple Remote Access Validation Vulnerabilities (Participate Systems Inc. / Outstart Inc.) (09.03.2005)
		benjilenoob_(at)_hotmail.com, failles dans ProjectBB v0.4.5.1 (09.03.2005)
		sp3x_(at)_securityreason.com, Multiple vulnerabilities in paFileDB (09.03.2005)
		pokleyzz, [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation (09.03.2005)
		Filip Groszynski, phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx) (09.03.2005)
		Filip Groszynski, PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx) (09.03.2005)
		FireSt0rm, PHP-FUSION 5.* XSS VULNERABILITY (09.03.2005)
		Some one, phpBB 2.0.13 - user level exploit (09.03.2005)
		mozako, PHP Form Mail Script <= 2.3 arbitrary file inclusion exploit exploit (09.03.2005)
		small mouse, Hosting Controller Multiple Unauthenticated information disclose (09.03.2005)

Discuss:

Read or add your comments to this news (0 comments)