Search:Vulnerability:22.04.2007

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 20.04.2007
Published:		22.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7622
Type:		remote
Threat Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		INVISION : Invision Power Board 2.1
		PHORUM : Phorum 5.1
		ECLIPSEBB : EclipseBB 0.5
		GIZZAR : Gizzar 03162002
		NUKEEVOLUTION : Nuke-Evolution 2.0
		PHPBB : Extreme 3.0 phpBB module
		INVISION : Invision Power Board 2.2
		NEATUPLOAD : NeatUpload 1.2
		EBASCRIPTS : Eba News 1.1
		FREEPBX : freePBX 2.2

Original document		XenoMuta, [Full-disclosure] freePBX 2.2.x's Music-on-hold Remote Code Execution Injection (22.04.2007)
		seko_(at)_se-ko.info, Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org (20.04.2007)
		dean_(at)_brettle.com, NeatUpload vulnerability and fix (20.04.2007)
		Janek Vind, [waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20 (20.04.2007)
		HACKERS PAL, IPB (Invision Power Board) Full Path Disclusure (20.04.2007)
		john_(at)_martinelli.com, NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities (20.04.2007)
		HACKERS PAL, Extreme PHPBB2 Remote File Inclusion (20.04.2007)
		HACKERS PAL, EclipseBB Remote File Inclusion (20.04.2007)
		HACKERS PAL, FullyModdedphpBB2 Remote File Inclusion (20.04.2007)
		HACKERS PAL, MediaBeez Sql query Execution .. Wear isn't ?? :) (20.04.2007)
		programmer_(at)_serbiansite.com, NukeSentinel Bypass SQL Injection & Nuke Evolution <= 2.0.3 SQL Injections (20.04.2007)
		BorN To K!LL BorN To K!LL, Gizzar <= (basePath) Remote File Include Vulnerability (20.04.2007)

Files:		Exploits MediaBeez Sql Query Execution
		Fully Moded PHPBB2 Command Execution Exploit
		EclipseBB Command Execution Exploit
		Extreme PHPBB2 Command Execution Exploit