Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 28.12.2006
Source:
SecurityVulns ID: 6977
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WORDPRESS : WordPress 2.0
 DMXREADY : Secure Login Manager 1.0
CVE: CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.)
Original document: Hackers Center Security Group, Secure Login Manager Multiple Input Validation Vulnerabilities (28.12.2006)
 hack2prison_(at)_yahoo.com, Host directory full disclosure and input error (28.12.2006)
 David Kierznowski, [Full-disclosure] WordPress Persistent XSS (28.12.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod