Computer Security
[EN] securityvulns.ru



Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 14.11.2005
Published:20.11.2005
Source:
SecurityVulns ID:5446
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MYBB : MyBB 1.0
 PHPMYFAQ : phpMyFAQ 1.5
 PEEL : PEEL 2.6
 PEEL : PEEL 2.7
 COGILENT : iCMS
 PHPSYSINFO : phpSysInfo 2.4
 CODEGRRL : PHPCalendar 1.0
 CODEGRRL : PHPClique 1.0
 CODEGRRL : PHPCurrently 2.0
 CODEGRRL : PHPFanBase 2.1
 CODEGRRL : PHPQuotes 1.0
 POLLVOTE : PollVote
 FIPSCMS : fipsCMS
 EKINBOARD : EKINboard 1.0
 MIDICART : MIDICART
 WALLA : Walla TeleSite 3.0
 PHPGEN : PHP GEN 1.2
 ARKIDB : Arki-DB 1.0
 REVIZECMS : Revize CMS 4.0
 URESK : Uresk Links 2.0
 MAGICWINMAIL : Winmail Server 4.2
 VPASP : VP-ASP Shopping Cart 5.50
 PHPCOMASY : phpComasy 0.7
 PHPWCMS : phpwcms 1.2
 CLASS1 : class-1 Poll 0.4
 ALSTRASOFT : Template Seller Pro 3.25
 ALSTRASOFT : Affiliate Network Pro 7.2
 EXOSCRIPTS : ExoPHPDesk 1.2
 CYPHOR : Cyphor 0.19
 PHPWEBTHINGS : PHPWebthings 1.4
 WIZZCOMPUTERS : Wizz Forum 1.20
 PHPMYADMIN : phpmyadmin 2.7
 ACID : ACID 0.9
 HELPCENTERLIVE : Help Center Live 2.0
 WHMAUTOPILOT : WHM AutoPilot 2.5
 INTERSPIRE : ArticleLive NX 0.3
 EAZYCMS : eazyCMS 2
 PHPADSNEW : phpAdsNew 2.0
 HORDE : Horde 2.2
 XMB : XMB 1.9
 CLASS1 : Class-1 0.24
 XOOPS : XOOPS 2.2
 PHPNUKE : PHP-Nuke 7.8
 UNCLASSIFIED : Unclassified NewsBoard 1.5
 3CFR : 3CFR
CVE:CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.)
Original document:group_(at)_soulblack.com.ar, [Full-disclosure] ExoPHPDesk is helpdesk written in PHP/SQL. (20.11.2005)
 tk_(at)_trapkit.de, [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ (20.11.2005)
 r0t, phpComasy "id" SQL Injection Vulnerability (20.11.2005)
 SECUNIA, [SA17614] Unclassified NewsBoard "DateFrom" SQL Injection Vulnerability (18.11.2005)
 SECUNIA, [SA17602] VP-ASP Shopping Cart "UserName" Cross-Site Scripting Vulnerability (18.11.2005)
 SECUNIA, [Full-disclosure] Secunia Research: Winmail Server Multiple Vulnerabilities (18.11.2005)
 r0t, eazyCMS "page_id" SQL Injection Vulnerability (18.11.2005)
 SECUNIA, [SA17625] Uresk Links Missing Administration Authentication (18.11.2005)
 SECUNIA, [SA17627] Arki-DB "catid" SQL Injection Vulnerability (18.11.2005)
 alireza hassani, [KAPDA::#13] - XMB HTML Injection & Path Disclosure. (18.11.2005)
 SECUNIA, [SA17585] Interspire ArticleLive NX "Query" SQL Injection Vulnerability (17.11.2005)
 r0t, class-1 Poll Software Multiple SQL Injection Vulnerabilities. (17.11.2005)
 r0t, Multiple SQL Injection Vulnerabilities in class-1 Forum Software (v 0.24.4) (17.11.2005)
 Agna Zilchi, [Full-disclosure] WMH AutoPilot: Unauthorized hosting account cancellation request (17.11.2005)
 SECUNIA, [SA17580] Help Center Live "file" Local File Inclusion Vulnerability (16.11.2005)
 SECUNIA, [SA17582] AudienceView "TSerrorMessage" Cross-Site Scripting Vulnerability (16.11.2005)
 SECUNIA, [SA17560] PHP GEN Cross-Site Scripting Vulnerabilities (16.11.2005)
 bad boy, [Full-disclosure] mambo remote code sexecution (16.11.2005)
 sp3x_(at)_securityreason.com, Critical SQL Injection PHPNuke <= 7.8 (16.11.2005)
 r.verton_(at)_gmail.com, Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS (16.11.2005)
 r.verton_(at)_gmail.com, Template Seller Pro 3.25 (16.11.2005)
 Steve, PHPWCMS - Directory traversal vulnerability,CSS attack (16.11.2005)
 SECUNIA, [SA17552] ACID Cross-Site Scripting and SQL Injection Vulnerabilities (15.11.2005)
 Toni Koivunen, [Full-disclosure] [FS-05-02] Multiple vulnerabilities in phpMyAdmin (15.11.2005)
 bhs_team_(at)_yahoo.com, 1-2-All Broadcast E-mail Software vulnerable to a classic SQL admin (15.11.2005)
 s2b_(at)_hotmail.com, Multible Sql injections in Wizz Forum (15.11.2005)
 sinneR, Walla TeleSite Multiple Vulnerabilities (15.11.2005)
 s2b_(at)_hotmail.com, Cyphor (Release: 0.19) Sql injection (15.11.2005)
 crazy frog, Midicart sql injection (15.11.2005)
 Preben Nylokken, [KAPDA::#12] - ekinboard XSS and HTML Injection (15.11.2005)
 Preben Nylokken, fipsCMS light - vulnerable to script injection. (15.11.2005)
 retrogod_(at)_aliceposta.it, XOOPS 2.2.3 Final arbitrary local inclusion / XOOPS WF-Downloads module v 2.05 SQL Injection (15.11.2005)
 r.verton_(at)_gmail.com, PHPCalendar (and some more codegrrl.com products) arbitrary code execution (15.11.2005)
 stormhacker_(at)_hotmail.com, PollVote Remote File Inclusion (15.11.2005)
 August Christopher, Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005) (15.11.2005)
 A.1.M_(at)_Hotmail.com, SQL injection in phpWebThing 1.4.4 (15.11.2005)
 Sieg Fried, ZRCSA-200502 - phpAdsNew SQL Injection Vulnerabilities (15.11.2005)
 SECUNIA, [SA17542] CodeGrrl Products "siteurl" File Inclusion Vulnerability (14.11.2005)
 SECUNIA, [SA17468] Horde Error Messages Cross-Site Scripting Vulnerability (14.11.2005)
 Christopher Kunz, [Full-disclosure] Advisory 22/2005: Multiple vulnerabilities in phpSysInfo (14.11.2005)
 r0t, iCMS Remote File Include Vulnerability (14.11.2005)
 r0t, PEEL 2.x sql injection (14.11.2005)
 r0t, Sql injection in 3CFR (14.11.2005)
Files:XOOPS WF_Downloads Module v 2.05 SQL injection Admin credentials disclosure & remote commands execution all-in-one exploit
 Wizz Forum SQL Injection Exploit

Novell Netmail mail server buffer overflow
Published:20.11.2005
Source:FULL-DISCLOSURE
SecurityVulns ID:5465
Type:remote
Level:6/10
Description:Buffer overflow on IMAP commands parsing.
Affected:NOVELL : NetMail 3.5
Original document:ZDI, [Full-disclosure] ZDI-05-003: Novell NetMail IMAPD Buffer Overflows (20.11.2005)

Hitachi Groupmax Mail SMTP server DoS
Published:20.11.2005
Source:SECUNIA
SecurityVulns ID:5466
Type:remote
Level:5/10
Affected:HITACHI : Groupmax Mail 6
 HITACHI : Groupmax Mail 7
Original document:SECUNIA, [SA17635] Hitachi Groupmax Mail Denial of Service Vulnerability (20.11.2005)

Hitachi Web applications cross-site scripting and DoS
Published:20.11.2005
Source:
SecurityVulns ID:5467
Type:remote
Level:5/10
Affected:HITACHI : Cosminexus 6
 HITACHI : Groupmax Collaboration Portal 6
 HITACHI : Groupmax Collaboration Web Client 7
Original document:SECUNIA, [SA17634] Hitachi Products Cross-Site Scripting and Denial of Service (20.11.2005)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


