|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1944 CVE : CVE-2006-6197 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : tarkus Published : 01.12.2006
Advisory Content : _________________________________________ Security Advisory _________________________________________ _________________________________________ Severity: Medium Title: b2evolution XSS Vulnerability Date: 28.11.06 Author: tarkus (tarkus (at) tiifp (dot) org) Web: https://tiifp.org/tarkus Vendor: b2evolution (http://b2evolution.net/) Affected Product(s): b2evolution 1.8.2 - 1.9 beta - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Description: ------------ http://<victim>/<b2epath>/inc/VIEW/errors/_404_not_found.page.php?bas eurl=[XSS]&app_name=[XSS] http://<victim>/<b2epath>/inc/VIEW/errors/_410_stats_gone.page.php?ap p_name=[XSS] http://<victim>/<b2epath>/inc/VIEW/errors/_referer_spam.page.php?ReqU RI=[XSS]&app_name=[XSS] Workaround: ----------- Put the following line at the beginning of the files. if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' ); Timeline: --------- Reported to Vendor: 10.11.06 Vendor response: 10.11.06 Patch in CVS: 10.11.06  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |