Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		18.03.2006
Source:
SecurityVulns ID:		5905
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		INVISION : Invision Power Board 2.0
		WSDELUXE : NMDeluxe 1.0
		MYBB : MyBB 1.10
		PHPMYADMIN : phpmyadmin 2.8

Original document		SECUNIA, [SA19277] phpMyAdmin "set_theme" Cross-Site Scripting (18.03.2006)
		o.y.6_(at)_hotmail.com, MyBB 1.10 Full Path Disclosure (18.03.2006)
		Aliaksandr Hartsuyeu, [eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities (18.03.2006)
		r00t3rr0r_(at)_gmail.com, Oxynews Sql İnjection (18.03.2006)
		???? ????, XSS IN Invision Power Board (18.03.2006)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Commerce Server authentication bypass
Published:		18.03.2006
Source:		BUGTRAQ
SecurityVulns ID:		5907
Type:		remote
Level:		5/10
Description:		It's possible to login with known username without password. Fixed with Service Pack 2.

Affected:

MICROSOFT : Commerce Server 2002

Original document

Dimitri, Microsoft Commerce Server 2002: Logon as known user with a false password (18.03.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Symantec Veritas Backup Exec backup agent vulnerabilities updated since 18.03.2006
Published:		21.03.2006
Source:		BUGTRAQ
SecurityVulns ID:		5906
Type:		remote
Level:		5/10
Description:		DoS, format string vulnerabilities.

Affected:		VERITAS : Backup Exec 9.1
		VERITAS : Backup Exec 10.0
		VERITAS : Backup Exec 9.2
		VERITAS : Backup Exec 10.1

Original document		SYMANTEC, Symantec Security Advisory, SYM06-005 (21.03.2006)
		SYMANTEC, Symantec Security Advisory SYM06-004 (18.03.2006)

Discuss:

Read or add your comments to this news (0 comments)