exploits , vulnerabilities , articles , webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site Scripting Vulnerabilities

Title	webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site Scripting Vulnerabilities
Published	2007-12-10-12:00AM
Updated	2008-01-03-02:10PM
Class	Input Validation Error
CVE	CVE-2007-6309
Remote	Yes
Local	No
Credit	Brainhead is credited with the discovery of these vulnerabilities.
Vulnerable	webSPELL webSPELL 4.1.2
Not Vulnerable
Code	Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.The following proof-of-concept URIs are available:http://www.example.com/[PATH]/index.php?site=usergallery&action=upload&galleryID=">[your code] http://www.example.com/[PATH]/index.php?site=calendar&action=announce&upID=">[your code] http://www.example.com/[PATH]/index.php?site=calendar&action=announce&tag=">[your code] http://www.example.com/[PATH]/index.php?site=calendar&action=announce&month=">[your code] http://www.example.com/[PATH]/index.php?site=calendar&action=announce&userID=">[your code] http://www.example.com/[PATH]/index.php?site=calendar&action=announce&year=">[your code]
TXT

Vulnerabilities - newest 10 RSS | More

2008-11-22 KVIrc URI Handler Remote Command Execution Vulnerability
2008-11-22 NVIDIA Cg Toolkit Installer Insecure Temporary File Creation Vulnerability
2008-11-22 TkUsr Insecure Temporary File Creation Vulnerability
2008-11-21 TAU Tuning and Analysis Utilities Insecure Temporary File Creation Vulnerabilities
2008-11-21 Maildirsync Insecure Temporary File Creation Vulnerability
2008-11-21 TkMan Insecure Temporary File Creation Vulnerability
2008-11-21 Apple iPhone Configuration Web Utility for Windows Directory Traversal Vulnerability
2008-11-21 Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability
2008-11-21 vBulletin Visitor Messages Addon Comment Notification HTML Injection Vulnerability
2008-11-21 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Sat, 22 Nov 2008 05:17:54 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
%2Findex.p ip+board+2 Sex in asi t505t www.indiap CMS is Fre Www.sexrap www.srt8up www.indiap SEXtv1 PHP 5.1.6 www.89.c0m www.tzssny 200 /compo news for c image geir t114t Cerita sex free telug www.bollyw britny spe php-nuke 2 WWW.FREEPO php-nuke 2 WWW.FREEPO www namit SEX WWLPEP WHMCS www.worl.s www.tz-cy. www.worl.s t509t WWW.ENTELW awstat CMS is Fre www89.com adult sexy CMS is Fre CMS is Fre mambo Remo PHON EROTI web wiz fo photo sex www.Sex+wa gambar ade /modules/M nudegirl mambo Remo sex10 /search/ex