|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 991 CVE : CVE-2006-2664 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : luny youfucktard com Published : 31.05.2006
Advisory Content : ((sorry if youget this twice, the reply page timed out)) iFdate v1.2 Homepage: http://www.ifusionservices.co.uk/products/product_ifdate.php Description: Packed full of great features, it supports themes and looks sleek, your users will be able to create & customize their very own profile page, upload pictures, rate users, create blogs. You can even upgrade them to premium tools and so much more, iFdate gives you the best performance on what a community site needs! Effected files: all input boxes XSS attack is possible if you put this in the login box as username and pw: '';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<IMG SRC=javascript:alert('XSS')>'';!--"<XSS>=&{()}'';!--"<XS S>=&{()} It should also be noted that all input boxes on the site for editing your profile, sending messages, posting in the forum, along with any other input box that doesnt sanatize user input before dynamically generating it isvulnerable.  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libopie __readrec() off-by-one
This advisory is related to new FreeBSD advisory FreeBSD-SA-10:05.opie. |
||
| Apache |  |
|
» Apache ActiveMQ 5.4.0 |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2010-04-23| Copyright © SecurityReason.com. All Rights Reserved. |