|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 6896 CVE : CVE-2009-4464 CWE : CWE-79 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : Yes Exploit Available : No Credit : Andrea Bocchetti Published : 31.12.2009
Advisory Content : # Author: Andrea Bocchetti # Contact: flashcreazione@gmail.com # Homepage : www.geekit.it // Software Info # Name : activebusinessdirectory # Version : v 2 # Price : $499.00 USD This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Input passed via the "search" parameter to search.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session on context of an affected site. POC http://name.com/demoactivebusinessdirectory/searchadvance.asp? <= xss Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. How to fix this vulnerability : Script should filter metacharacters from user input. References : http://xforce.iss.net/xforce/xfdb/55010
http://www.packetstormsecurity.org/0912-exploits/abd-xss.txt
http://secunia.com/advisories/37863
http://osvdb.org/61267  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |