|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1805 CVE : CVE-2006-5653 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Handrix Published : 06.11.2006
Advisory Content : Sun java System Messenger Express remote XSS vulnerabilities By: Handrix <handrix_at_morx_org> 29 November 2005 MorX security research team www.morx.org Description: Sun java System Messenger Express XSS The index script is vulnerable to XSS attacks, in function errorHTML . function errorHTML() { var s=''; . . . document.write(s) ---> Need more case filetring the 's' var } So, this issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks. Exploit: https://mail.victime.edu/?user=&error=%3Cscript%3Ealert('hakin9');%3 C/script%3E</a> Googledork : intitle: "Sun Java(tm) System Messenger Express" Vulnerable versions : Sun java System Messenger Express Sun java System Messenger Express6  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |