|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3869 CVE : CVE-2008-2167 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Deniz Cevik Published : 14.05.2008
Advisory Content : Affected Software/Device: Zyxel ZYWall 100 Vulnerability: Cross Site Scripting Risk: Low Description: The ZyWALL 100 is designed to act as a secure gateway via xDSL/Cable modems or broadband routers for small to medium size companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN capability, MultiNAT, web pages content filtering and an embedded web configurator for easy configuration and management. ZyWALL web based management interface utilizes referer header for serving 404 Error pages. The vulnerability can be exploited by requesting a non-existing web page with a specially crafted referer header. As the application does not properly sanitize the data contained in the referer header, desired script code can be run on client browser. Sample Request: GET /blah.htm HTTP/1.1 Host: www.site.com Referer: blaaaa"><script>alert(12345)</script>aaaah.htm Deniz CEVIK www.intellectpro.com.tr  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |