|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3177 CVE : CVE-2007-5112 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : pagvac Published : 27.09.2007
Advisory Text : -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is a trivially exploitable XSS vul on Google Urchin Web Analytics 5's login page. The vulnerability has been tested on versions 5.6.00r2, v5.7.01, 5.7.02 and 5.7.03 (latest). Previous versions are most likely to be affected as well. I know that you're sick of XSS PoCs that only open alert boxes. So I crafted a exploit URL that will steal the victim's username and password by simply clicking on it: http://www.gnucitizen.org/blog/google-urchin-password-theft-madness PS: demo video included! - -- pagvac [http://gnucitizen.org, http://ikwt.com/] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFG9//fjXB4hX6OC/cRAnchAJ4k9U4i8ZW1Cf8CjbNuivYlCHqjCQCeIVyj oZ2fz06792VVGEkfpPwjCMs= =Uz1y -----END PGP SIGNATURE-----  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |