|
PHP, ASP, CGI web applications security vulnerabilities
updated since 14.03.2005 | | Published: |  | 20.03.2005 | | Source: |  | | | SecurityVulns ID: |  | 4573 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, etc. |
| Affected: |  | PHPBB : phpBB 2.0 | | | | MCNEWS : mcNews 1.3 | | | | PHORUM : Phorum 5.0 | | | | PHPMYADMIN : phpMyAdmin 2.6 | | | | PHPADSNEW : phpAdsNew 2.0 | | | | ASPJAR : ASPJar 1.0 | | | | CYCLADES : AlterPath Manager 1.2 | | | | PHPFUSION : PHP-Fusion 5.01 | | | | PHPWEBLOG : phpWebLog 0.5 | | | | HOLACMS : Hola CMS 1.4 | | | | SIMPGB : SimpGB 1.35 | | | | PABOX : pabox 2.0 | | | | YABB : YaBB 2 | | | | ZPANEL : ZPanel 2.0 | | | | VOTEBOX : VoteBox 2.0 | | | | IBM : WebSphere Commerce 5.6 | | | | PHPOPENCHAT : PhpOpenChat 3.0 | | | | ASPRESS : ACS Blog 1.1 | | | | MYPHP : MyPHP Forum 1.0 | | | | MYPHP : MyPHP Forum 2.0 | | | | MYPHP : MyPHP Forum 3.0 | | | | SUBDREAMER : Subdreamer 1.1 | | | | RUNCMS : Runcms 1.1 | | | | NOTIFYLINK : NotifyLink 2.0 | | | | PHPMYFAMILY : phpmyfamily 1.4 | | | | CIAMOS : Ciamos 0.9 | | CVE: |  | CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.) | | | | CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) | | | | CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter.) |
| Original document |  | Pedram hayati, [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability (20.03.2005) |
| | | Majid NT, Ciamos Highlight.php Security Hole(IHS) (20.03.2005) |
| | | Majid NT, Ciamos Installation path(IHS) (20.03.2005) |
| | | kreon, phpMyFamily 1.4.0 SQL vulnerabilities (20.03.2005) |
| | | SECUNIA, [SA14617] NotifyLink Enterprise Server Multiple Vulnerabilities (19.03.2005) |
| | | Terencentanio Enache, PHP-Post Exploit (19.03.2005) |
| | | Majid NT, runcms highlight.php hole (19.03.2005) |
| | | Majid NT, runcms installation path (19.03.2005) |
| | | foster_(at)_ghc.ru, possible SQL injection in Subdreamer (19.03.2005) |
| | | Terencentanio Enache, myPHP Forum v1, 2 & 3 (18.03.2005) |
| | | Pedram hayati, [PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability (18.03.2005) |
| | | Jonathan Whiteley, PHP mcNews arbitrary file inclusion (18.03.2005) |
| | | farhad koosha, XSS in ACS blog (18.03.2005) |
| | | SECUNIA, [SA14600] PHPOpenChat "sourcedir" File Inclusion Vulnerability (17.03.2005) |
| | | SECUNIA, [SA14599] phpMyAdmin "_" Wildcard Permissions Security Bypass (17.03.2005) |
| | | SECURITEAM, [UNIX] Multiple Vulnerabilities in phpWebLog (Cross Site Scripting, File Inclusion) (17.03.2005) |
| | | farhad koosha, ASPjar Tell-a-Friend (17.03.2005) |
| | | SECUNIA, [SA14589] WebSphere Commerce Private Information Disclosure (16.03.2005) |
| | | SECUNIA, [SA14577] VoteBox "VoteBoxPath" File Inclusion Vulnerability (16.03.2005) |
| | | Virginity Security, Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access (16.03.2005) |
| | | Mik-, Few remote bugs in zPanel (16.03.2005) |
| | | pureone, phpbb cookie admin access (16.03.2005) |
| | | bad boy, phpbb <= 2.0.12 uid vuln + admin_styles.php php code injection exploit (16.03.2005) |
| | | WoRmZ Web, html code include in phpnuke news crash IE 6 (16.03.2005) |
| | | alireza hassani, YaBB2 rc1 XSS (16.03.2005) |
| | | Maksymilian Arciemowicz, [SECURITYREASON.COM] phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9 (16.03.2005) |
| | | Jon Oberheide, 3 XSS Vulnerabilities in Phorum <= 5.0.14 (16.03.2005) |
| | | Rift, [XSS] paBox 2.0 (16.03.2005) |
| | | Alexander Müller, SimpGB SQL Injection Vulnerability (16.03.2005) |
| | | SECUNIA, [SA14580] aeNovo Database Disclosure of Sensitive Information (14.03.2005) |
| | | Jon Oberheide, [Full-disclosure] 3 XSS Vulnerabilities in Phorum <= 5.0.14 (14.03.2005) |
| | | SECURITEAM, [NEWS] AlterPath Manager Information Multiple Vulnerabilities (14.03.2005) |
|
|
|
|
|
