Computer Security

PHP, ASP, CGI web applications security vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



PHP, ASP, CGI web applications security vulnerabilities
updated since 25.04.2005
Published:01.05.2005
Source:
SecurityVulns ID:4724
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.
Affected:PHPBB : phpBB 2.0
 INVISION : Invision Power Board 2.0
 HORDE : IMP 3.2
 PHPMYADMIN : phpMyAdmin 2.6
 COMERSUS : Comersus ASP Shopping Cart 6.01
 PHPNUKE : PHP-Nuke 7.6
 PHPCOIN : phpCOIN 1.2
 MYPHP : MyPHP Forum 3.0
 WOLTLAB : Woltlab Burning Board 2.3
 YAZAPORT : E-Cart 1.1
 WEBAPP : WebAPP 0.9
 BKDEV : BK Forum 4
 ACSBLOG : ACSblog 0.8
 ACSBLOG : ACSblog 1.0
 ACSBLOG : ACSblog 1.1
 ARTMEDIC : artmedic_links 5
 CARTWIZ : CartWIZ 1.1
 PHPMYVISITES : phpMyVisites 1.3
 STOREPORTAL : StorePortal 2.63
 METALINKS : MetaCart e-Shop 8
 METALINKS : MetaCart2
 METALINKS : MetaBid Auctions
 GRAYMUR : GrayCMS 1.1
 DREAM4 : koobi-cms 4.2
 CLARONLINE : Claroline RC1
 HORDE : Forwards 2.2
 HORDE : mnemo 1.1
 HORDE : chora 1.2
 HORDE : nag 1.1
 HORDE : Horde passwd 2.2
 HORDE : turba 1.2
 HORDE : Horde accounts 2.1
 HORDE : Kronolith 1.1
 HORDE : Horde vacation 2.2
 OXPUS : phpBB Notes Mod
 OCEAN12 : Ocean12 Mailing list manager 1.06
 ALL4WWW : All4WWW-Homepagecreator 1.0
Original documentdocumentSECUNIA, [SA15173] enVivo!CMS SQL Injection Vulnerabilities (01.05.2005)
 documentGENTOO, [Full-disclosure] [ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation (01.05.2005)
 documentSECURITEAM, [UNIX] All4WWW-Homepagecreator site Parameter Command Execution (01.05.2005)
 documentLuis Fernando, Multiples Full Path Disclosure in php-nuke 7.6 (and below) (30.04.2005)
 documentdcrab_(at)_hackerscenter.com, Multiple Sql injections in phpCoin v1.2.2 and below (30.04.2005)
 documentZinho, [HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection (30.04.2005)
 documentJeiAr, phpBB Notes Mod SQL Injection Vulnerability (30.04.2005)
 documentdurito, еще один бажный скрипт в WebAPP v0.9.9. (30.04.2005)
 documentSECUNIA, [SA15073] Vacation Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSECUNIA, [SA15080] Kronolith Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSECUNIA, [SA15081] Accounts Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSECUNIA, [SA15074] Turba Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSECUNIA, [SA15075] Passwd Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSECUNIA, [SA15077] Horde IMP Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSECUNIA, [SA15079] Nag Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSECUNIA, [SA15083] Chora Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSECUNIA, [SA15078] Mnemo Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSECUNIA, [SA15082] Forwards Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)
 documentSieg Fried, ZRCSA-200501 - Multiple vulnerabilities in Claroline (28.04.2005)
 documentCENSORED, SQL-injections in koobi-cms (28.04.2005)
 documentTerencentanio Enache, myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof' (27.04.2005)
 documentZinho, [HSC Security Group] Comersus v6 Script injection (27.04.2005)
 documentKold, GrayCMS php code injection (27.04.2005)
 documentdcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaBid Auctions (27.04.2005)
 documentdcrab_(at)_hackerscenter.com, MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities (27.04.2005)
 documentdcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K (27.04.2005)
 documentdcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaCart2 for PayPal (27.04.2005)
 documentdcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaCart e-Shop V-8 (27.04.2005)
 documentZinho, [Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability (27.04.2005)
 documentCENSORED, SQL-injections in Invision Power Board v2.0.1 (27.04.2005)
 documentfireboy fireboy, remote command execution in text.cgi script (26.04.2005)
 documentfireboy fireboy, index.cgi script XSS + file show (26.04.2005)
 documentfireboy fireboy, remote command execution in forum.pl script (26.04.2005)
 documentfireboy fireboy, remote command execution in ad.cgi script (26.04.2005)
 documentadmin_(at)_batznet.com, WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05) (26.04.2005)
 documentfireboy fireboy, remote command execution in includer.cgi script (26.04.2005)
 documentfireboy fireboy, remote command execution in citat.pl script (26.04.2005)
 documentdcrab_(at)_hackerscenter.com, Multiple SQL Injections in StorePortal 2.63 (26.04.2005)
 documentfireboy fireboy, remote command execution in include.cgi script (26.04.2005)
 documentfireboy fireboy, remote command execution in inserter.cgi script (26.04.2005)
 documentMax Cerny, [exploit] phpMyVisites 1.3 local file retrieval (26.04.2005)
 documentNicolas Montoza, E-Cart v1.1 Remote Command Execution (25.04.2005)
 documentdcrab_(at)_hackerscenter.com, Multiple Sql injection and XSS in CartWIZ ASP Cart (25.04.2005)
 documentAdam n30n Simuntis, artmedic_links5 remote file access exploit (25.04.2005)
 documentHaCkZaTaN, -==phpBB 2.0.14 Multiple Vulnerabilities==- (25.04.2005)
 documentfarhad koosha, ACSblog bug (25.04.2005)
 documentdcrab_(at)_hackerscenter.com, Multiple Sql injection vulnerabilities in BK Forum v.4 (25.04.2005)
 documentdurito, Просмотр файлов и директорий в WebAPP Web Automated Perl Portal System v0.9.9. (25.04.2005)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server