Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
Published:		30.11.2005
Source:
SecurityVulns ID:		5491
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, mb_send_mail() message headers modification, etc.

Affected:		MAMBOSERVER : Mambo Server 4.5
		ASPRIDER : ASP-Rider 1.6
		BROTHERSOFT : Shop-Script 2.0
		PHPALBUM : phpAlbum 0.2
		INSTANTPHOTOGALL : Instant Photo Gallery 1
		MOVABLETYPE : Movable Type 3.2

Original document		Kooper Ker, Xss в Movable Type (30.11.2005)
		r0t, Instant Photo Gallery SQL inj. vuln. (30.11.2005)
		r0t, phpAlbum Local file include vuln. (30.11.2005)
		contropotere_(at)_gmail.com, N-13 News Remote SQL/PHP Shell injection (30.11.2005)
		Kooper Ker, Уязвимость в Shop-Script 2.0 (30.11.2005)
		info_(at)_hoder.com, ASP-Rider Default.asp SQL Injection (30.11.2005)
		SECURITEAM, [EXPL] Mambo Variable Command Execution (Exploit, mosConfig_absolute_path) (30.11.2005)

Files:		Mambo <= 4.5.2 Globals overwrite / remote commands execution
		N-13 News Remote SQL / PHP-Shell Injection exploit
Discuss:		Read or add your comments to this news (0 comments)