|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 3701 CVE : CVE-2008-1037 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : nnposter Published : 27.02.2008
Advisory Text : Packeteer Products File Listing XSS Product: Packeteer PacketShaper http://www.packeteer.com/products/packetshaper/ Packeteer PolicyCenter http://www.packeteer.com/products/packetshaper/policycenter.cfm The web management interface of several Packeteer products contains a cross-site scripting vulnerability in the file listing function. Parameter FILELIST, specified in an arbitrary page request, is not sufficiently sanitized before it gets embedded in the HTML output of the Error Report page. (The parameter value is limited to 64 characters.) Example: https://(target)/whatever.htm?FILELIST=%3C/script%3E%3Cbody+onLoad=alert (%26quot%3BXSS%26quot%3B)%3E%3Cscript%3E The vulnerability has been identified in version 8.2.2. However, other versions may be also affected. Solution: Do not stay logged into the Packeteer web management interface while browsing other web sites. Found by: nnposter Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |