Manila from manila.userland.com is a widely deployed CMS _ _
(http://http://manila.userland.com/selectedCustomers) \`\ /`/
\
V / This following cross site scripting exploit was
sent to /.
This is yet another case where XSS is resultant from a more serious
issue. The primary issue here involves local file inclusion.
retrogod-style attacks might be feasible by injecting PHP code into
text-based data files within the application, then including those
text files using this issue;
ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
April 13, 2006
-- CVE ID:
CVE-2006-1730
-- Affected Vendor:
Mozilla
-- Affected Products:
Mozilla 1.7.x and below
Firefox 1.5.x and below
-- TippingPoint(TM)
ORIGINAL ADVISORY:
http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
-Summary-
Software: MyBB
Sowtwares Web Site: http://www.mybboard.com
Versions: 1.1.0
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: imei
ORIGINAL ADVISORY:
http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html
-Summary-
Software: CPG Coppermine Photo Gallery
Sowtwares Web Site: http://coppermine.sourceforge.net/
Versions: 1.4.4.stable
Class: Remote
I guess when he uninstalled Firefox
originally, it wasn't a completely clean uninstall. That's the only
explanation since we couldn't duplicate my reported bug as easily as
we thought.
I think that what this comes down to is that when you uninstall
Firefox (or Mozilla), it doesn't prompt you
New eVuln Advisory:
aWebBB Multiple XSS and SQL Injection Vulnerabilities
http://evuln.com/vulns/117/summary.html
Summary
eVuln ID: EV0117
CVE: CVE-2006-1637 CVE-2006-1638
Software: aWebBB
Sowtware's Web Site: http://labs.aweb.com.au/
Versions: 1.2
Critical
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1035-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
April 15th, 2005
Dear Christine Kronberg,
Microsoft ISA Server can't filter events from Microsoft Mouse, but
Microsoft Mouse can be bound to computer. It's security risk, but I know
how to secure mouse without ISA and I accept this risk.
IPv6 can not be filtered by ISA, but it still can be filtered
Tiny Web Gallery = 1.4 XSS
http://www.[SITE].com/[PATH]/index.php?twg_album='scriptalert(document.cookie)/script
Found By:
Qex
PhpGuestbook = 1.0 XSS
Post Comment:-
Name: 'scriptalert(document.cookie)/script
Website:
Comment: 'scriptalert(document.cookie)/script
Found By:
Qex
FlexBB = 0.5.7 BETA XSS
Start a new thread and type this in the thread name field box :-
'scriptalert(document.cookie)/script
Or post a reply to any topic and include this in your reply :-
'scriptalert(document.cookie)/script
Found By:
Qex
Boardsolution = 1.12 XSS
http://www.[SITE].com/[PATH]/index.php?action=search
Search for:-
'scriptalert(document.cookie)/script
Found By:
Qex
Description :
phpFaber TopSites is a feature-packed, reliable and secure Top List coded in
PHP and mySQL. phpFaber TopSites has proven its reliability time and time again
under the most active server environments. Our feature list is large, including
all elements you need to easily maintain
Snipe Gallery = 3.1.4 Multiple XSS
http://www.[SITE].com/[PATH]/view.php?gallery_id='scriptalert(document.cookie)/script
http://www.[SITE].com/[PATH]/search.php?keyword='scriptalert(document.cookie)/scriptsearch_cat=search_type=and
The ModX development released a patch for these bugs this morning.
More information available at:
http://modxcms.com/forums/index.php/topic,3982.0.html
While we greatly appreciate the efforts of cR45H3R in finding these
bugs in our code, we'd also appreciate a courtesy email to the dev
16 matches
Mail list logo