|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 786 CVE : CVE-2006-2048 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : arko dhar gmail com Published : 27.04.2006
Advisory Content : Summary =============================================== phpWebFTP enables connections to FTP servers, even behind a firewall not allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection from your webserver to the FTP server and transfering the files to your webclient over the http protocol =========================================== Issue: PhpWebftp is prone to multiple XSS vulnerability .An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.the exploit is tested on PhpWebFtp v2.3. Proof of Concept XSS is possible via malicious arguments passed on the web browser using POST Method relative to the path of phpWebftp ie. http://www.anysite.com/PhpWebFtp/index.php? server=1&port=<script>var%20sub_variable=11233;alert(sub_variable);</scr ipt>&goPassive=on&user=1&password=1&language=bulgarian Further XSS Details and Xploits : http://www.subjectzero.net/research/phpwebftpxss.htm  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |