Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		27.05.2008
Source:
SecurityVulns ID:		9026
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		ZINA : Zina 1.0
		ROOMPHPLANNING : RoomPHPlanning 1.5
		REPAIRONLINE : Repair Online 1.2
		CAMPUSBULLETINBO : Campus Bulletin Board 1.2
		ABLESPACE : Ablespace 1.0
		CLASSSYSTEM : Class System 2.3
		MINIOPENCMS : Mini-CWB 2.1
		PHPFIX : phpFix 2

Original document		unohope_(at)_chroot.org, Excuse Online (pwd) SQL Injection Vulnerability (27.05.2008)
		unohope_(at)_chroot.org, phpFix v2 Multiple SQL Injection Vulnerability (27.05.2008)
		tan_prathan_(at)_hotmail.com, Mini-CWB <= 2.1.1 Remote XSS Vulnerability (27.05.2008)
		unohope_(at)_chroot.org, Class System v2.3 Multiple Remote Vulnerabilities (27.05.2008)
		a.jasbi_(at)_yahoo.com, Ablespace 1.0 'cat_id' Parameter SQL Injection Vulnerability (27.05.2008)
		unohope_(at)_chroot.org, Campus Bulletin Board v3.4 Multiple Remote Vulnerabilities (27.05.2008)
		unohope_(at)_chroot.org, Repair Online v1.2 (sentout) Create Admin Vulnerability (27.05.2008)
		irancrash_(at)_gmail.com, Zina 1.0rc3 Remote Directory Traversal Vulnerability & XSS Vulnerability (27.05.2008)
		hadihadi_zedehal_2006_(at)_yahoo.com, RoomPHPlanning 1.5 (weekview.php) SQL Injection Vulnerability (27.05.2008)

Discuss:

Read or add your comments to this news (0 comments)

PHP Sleep() DoS
Published:		27.05.2008
Source:		BUGTRAQ
SecurityVulns ID:		9027
Type:		local
Level:		3/10
Description:		Sleep() time is not limited with max_execution_time, making resources exhaustion possible.

Original document

gogulas_(at)_wp.pl, function sleep() in all versions of PHP (27.05.2008)

Discuss:

Read or add your comments to this news (0 comments)