SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

iFdate v1.2


Arrow  SecurityAlert : 991
Arrow  CVE : CVE-2006-2664
Arrow  SecurityRisk : Low  Security Risk Low  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : Yes
Arrow  Credit : luny youfucktard com
Arrow  Published : 31.05.2006

Arrow  Affected Software : iFdate v1.2



Arrow  Advisory Content :  

((sorry if youget this twice, the reply page timed out))

iFdate v1.2

Homepage:

http://www.ifusionservices.co.uk/products/product_ifdate.php

Description:

Packed full of great features, it supports themes and looks sleek, your
users will be able to create & customize their very own profile page,
upload pictures, rate users, create blogs. You can even upgrade them to
premium tools and so much more, iFdate gives you the best performance on
what a community site needs!

Effected files:

all input boxes

XSS attack is possible if you put this in the login box as username and pw:

'';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<IMG
SRC=javascript:alert('XSS')>'';!--"<XSS>=&{()}'';!--"<XS
S>=&{()}

It should also be noted that all input boxes on the site for editing your
profile, sending messages, posting in the forum, along with any other input
box that doesnt sanatize user input before dynamically generating it
isvulnerable.





Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libopie __readrec() off-by-one

Security Risk Medium- 2010-04-23

This advisory is related to new FreeBSD advisory FreeBSD-SA-10:05.opie.

Apache RSS Apache Alert

» Apache ActiveMQ 5.4.0
   source code disclosure
   vulnerability

» Apache ActiveMQ 5.3.0
   Persistent Cross-Site
   Scripting

» Apache CouchDB 0.10.1
   Timing Attack
   Vulnerability

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

PHP RSS PHP Alert

» PHP 5.2.12/5.3.1
   session.save_path
   safe_mode and
   open_basedir bypass

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass

Copyright © SecurityReason.com. All Rights Reserved.