|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1680 CVE : CVE-2006-5145 CVE : CVE-2006-5144 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Hessam Salehi Published : 05.10.2006
Advisory Content : ::OlateDownload 3.4.0 Multiple Vulnerabilities :: ------------------------------------------------ Software : OlateDownload Website : www.olate.co.uk Bug Discover : Hessam-x / www.hessamx.net I. Cross Site Scripting Vulnerability ------------------------------------------------- Parameter "description_small" are not properly sanitized in "userupload.php". This can be used to post arbitrary HTML or web script code. II. Multiple SQL Injection Vulnerabilities ------------------------------------------------- Parameter "page" in "detailes.php" and "query" in "search.php" is not properly sanitized before being used in SQL query. This can be used make any SQL query by injecting arbitrary SQL code. Attacker can be execute this url : /details.php?page=%BF%27%22%28&file=1 /search.php?query=%BF%27%22%28 ================================================ Hessam Salehi .Hessamx[@]Hessamx.net ================================================  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |