PHP, ASP, CGI web applications security vulnerabilities - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

PHP, ASP, CGI web applications security vulnerabilities
updated since 28.03.2005
Published: 03.04.2005
Source:
SecurityVulns ID: 4613
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

Affected: SUN : Answerbook2 1.4
PAFILEDB : paFileDB 3.1
INVISION : Invision Power Board 2.0
ASPAPP : PortalApp
HORDE : Horde 3.0
PHPCOIN : phpCOIN 1.2
PHOTOPOST : Photopost 5.0
ASPRESS : ACS Blog 1.1
MAGICSCRIPTS : E-Store Kit-2
EXOOPS : exoops 1.0
VLADERSOFT : Vladersoft Shopping 3.0
MAILREADER : mailreader 2.3
SMARTY : Smarty 2.6
UAPPLICATION : Ublog 1.0
CHATNESS : Chatness 2.5
INTERAKT : MX Shop 1.1
INTERAKT : MX Kart 1.1
CPGNUKE : Dragonfly CMS 9.0
YETANOTHERFORUM : Yet Another Forum.net 0.9
ALSTRASOFT : EPay Pro 2.0
ASPDEV : ASP-Dev Forum RC3

Original document SECUNIA, [SA14701] XMB Script Insertion Vulnerabilities (07.04.2005)

SECURITEAM, [NT] ASP-Dev Multiple Cross Site Scripting Vulnerabilities (03.04.2005)

dcrab_(at)_hackerscenter.com, AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities (03.04.2005)

document maty siman, Yet Another Forum.net XSS vulnerabilities (03.04.2005)

SECUNIA, [SA14748] CPG Dragonfly CMS Two Cross-Site Scripting Vulnerabilities (01.04.2005)

SECUNIA, [SA14730] Horde Page Title Cross-Site Scripting Vulnerability (01.04.2005)

SECUNIA, [SA14730] Horde Page Title Cross-Site Scripting Vulnerability (01.04.2005)

document SECUNIA, [SA14770] Squirrelcart PHP Shopping Cart SQL Injection Vulnerabilities (01.04.2005)

dcrab_(at)_hackerscenter.com, MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities (01.04.2005)

hoang yen, Invision Power Board v2.0.3 XSS vulnerabilities (31.03.2005)

document dcrab_(at)_hackerscenter.com, Multiple sql injection, and xss vulnerabilities in PortalApp (31.03.2005)

Pedram hayati, [PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities (31.03.2005)

Antone Roundy, Code insertion in Blogger comments (31.03.2005)

document JeiAr, Multiple phpCoin Vulnerabilities (31.03.2005)

Pedram hayati, [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities (31.03.2005)

GENTOO, [ GLSA 200503-35 ] Smarty: Template vulnerability (31.03.2005)

DEBIAN, [SECURITY] [DSA 700-1] New mailreader packages fix cross-site scripting vulnerability (31.03.2005)

document dcrab_(at)_hackerscenter.com, PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability (31.03.2005)

dcrab_(at)_hackerscenter.com, Multiple sql injection, and xss vulnerabilities in Pay pal Storefront (31.03.2005)

B00B00, Multiple XSS issues in Sun AnswerBook2 (31.03.2005)

document Dan Crowley, Multiple XSS vulnerabilities in ACS Blog (31.03.2005)

dcrab_(at)_hackerscenter.com, Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS) (31.03.2005)

dcrab_(at)_hackerscenter.com, Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. (31.03.2005)

document dcrab_(at)_hackerscenter.com, Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0 (31.03.2005)

SECUNIA, [SA14697] exoops Cross-Site Scripting and SQL Injection Vulnerabilities (28.03.2005)

CorryL, [Full-disclosure] THai's Shoutbox XSS (Spoofing URL) BUG (28.03.2005)

document dcrab_(at)_hackerscenter.com, File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition (28.03.2005)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod