PHP/ASP/CGI web applications security bugs - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

PHP/ASP/CGI web applications security bugs
updated since 14.02.2005
Published: 20.02.2005
Source:
SecurityVulns ID: 4482
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, spam sending, etc.

Affected: WEBCALENDAR : WebCalendar 0.9
PHPBB : phpBB 2.0
ZEROBOARD : Zeroboard 4.1
VBULLETIN : vBulletin 3.0
OSCOMMERCE : osCommerce 2.2
INVISION : Invision Power Board 1.3
PHPNUKE : PHP-Nuke 7.4
CUBECART : CubeCart 2.0
KAYAKO : Kayako eSupport 2.3
SITEMAN : Siteman 1.1
MERCURYBOARD : MercuryBoard 1.1
ELOG : elog 2.5
CITRUSDB : CitrusDB 0.3
AWSTATS : AWStats 6.3
OPENCONF : Openconf 1.04
PHPNUKE : PHP-Nuke 7.6
OPENWEBMAIL : Open WebMail 2.50
DCPPORTAL : DCP-Portal 6.1
PANEWS : paNews 2.0
NEWSBRUISER : NewsBruiser 2.6
BIBORB : BibORB 1.3
PAFAQ : paFAQ Beta4
BIZMAILFORM : BizMail 2.1
PMACHINE : PMachine 2.4

Original document kingcope_(at)_gmx.net, [Full-Disclosure] pMachine Pro / pMachine Free Remote Code Execution (20.02.2005)

albanian haxorz, Multiples vulnerability in ZeroBoard, (20.02.2005)

Jason Frisvold, BizMail 2.1 Spam Exploit (20.02.2005)

jtm297_(at)_optonline.net, Possible phpBB <=2.0.11 bug or sql injection? (18.02.2005)

document Pedram hayati, [PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection (18.02.2005)

Scovetta Labs, [ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie (18.02.2005)

Daniel A., Invision Power Boards 1.3.1 FINAL XSS Exploit (18.02.2005)

matrix_killer ma3x, phpbb 2.0.11 bug (18.02.2005)

document Patrick Hof, [Full-Disclosure] Advisory: Multiple Vulnerabilities in BibORB (17.02.2005)

SECUNIA, [SA13937] MercuryBoard "f" Cross-Site Scripting Vulnerability (17.02.2005)

SECUNIA, [SA14262] NewsBruiser Comment System Security Bypass Vulnerability (17.02.2005)

SECUNIA, [SA14263] Siteman Site Owner Registration Security Bypass Vulnerability (17.02.2005)

document Pedram hayati, [PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability (17.02.2005)

SECUNIA, [SA14284] Mercuryboard "debug" Debug Information Disclosure (16.02.2005)

Exoduks, [hackgen-2005-#003] - SQL injection bugs in DCP-Portal (16.02.2005)

John Cobb, [NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability (16.02.2005)

document Seth Woolley, [Full-Disclosure] Kayako eSupport v2.3.1 Support Tracker XSS Vulnerability (15.02.2005)

SECUNIA, [SA14253] Open WebMail Login Page Cross-Site Scripting Vulnerability (15.02.2005)

Janek Vind, [Full-Disclosure] [waraxe-2005-SA#040] - Full path disclosure and XSS in PhpNuke 6.x-7.6 (15.02.2005)

document Maximillian Dornseif, [Full-Disclosure] Advisory: Authentication bypass in CitrusDB (15.02.2005)

Maximillian Dornseif, [Full-Disclosure] Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software (15.02.2005)

Maximillian Dornseif, [Full-Disclosure] Advisory: SQL-Injection in CitrusDB (15.02.2005)

document Maximillian Dornseif, [Full-Disclosure] Advisory: Upload Authorization bypass in CitrusDB (15.02.2005)

Maximillian Dornseif, [Full-Disclosure] Advisory: Directory traversal in CitrusDB (15.02.2005)

John Cobb, [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities (15.02.2005)

document AL3NDALEEB, vbulletin 3.0.x PHP code execution (15.02.2005)

foster_(at)_ghc.ru, AWStats <= 6.4 Multiple vulnerabilities (15.02.2005)

SECURITEAM, [EXPL] PHP-Nuke POST Method Admin Variable Privilege Escalation (14.02.2005)

Maximillian Dornseif, [Full-Disclosure] Credit Card data disclosure in CitrusDB (14.02.2005)

document SECURITEAM, [EXPL] ELOG Remote Shell Exploit (14.02.2005)

Files: phpNUKE v7.4 exploit
AWStats Remote Command Execution exploit
ELOG Remote Shell Exploit <= 2.5.6
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server