|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 945 CVE : CVE-2006-2545 CVE : CVE-2006-2543 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : luny youfucktard com Published : 25.05.2006
Advisory Content : Xtremescripts Topsites v1.1 Homepage: http://www.xtremescripts.com/topsites.php Description: Xtreme Topsites is a popular topsite PHP script for websites. Most commonly used across anime websites at the moment. The topsite will count hits/clicks in and hits out and will rank them on total hits so that the site with the most hits will be number 1. Effected files: stats.php join.php lostid.php Exploit: stats.php allows embedded objects which in turn can cause a XSS. example: http://www.example.com/xtremets/stats.php?id=1 <embed allowScriptAccess="never"src="harmfulflash.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width=" 0" height="0"></embed> lostid.php input data isn't properally sanatized & filtered which allows for XSS example: put in box: <script>alert('hi')</script> Input data on join.php isn't sanatized and can create mysql errors if users input malicious data. example: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'hi'','9cdfb439c7876e703e307864c9167a15','0','19052006','-')' at line 2  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |