|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 967 CVE : CVE-2006-2634 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Yunus Emre Yilmaz Published : 31.05.2006
Advisory Text : Advisory : Cross Site Scripting in Seditio (http://www.neocrome.net) Release Date : 24/05/2005 Last Modified : 24/05/2005 Author : Yunus Emre Yilmaz ( http://yns.zaxaz.com) Application : Seditio v102 ( maybe older versions) Risk : Critical Problem : Ldu's logging all referer info for administrator.If an attacker change the referer value with malicious js codes, the code will be executed in administration page.Referer info is coming from user and can be changed as everything. Proof Of Concept : I wrote a simple exploit which can be downloaded from here : http://yns.zaxaz.com/exploits/seditio-exploit.rar Solution : I wrote an unofficial security patch which can be downloaded from here : http://yns.zaxaz.com/security-patches/security-patches-seditio-v102-xss- patch.rar (For offical patches : www.neocrome.net) Original Advisory : http://yns.zaxaz.com/advisories/seditio.txt Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP |
||
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |