Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 28.12.2006
Source:
SecurityVulns ID: 6977
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: WORDPRESS : WordPress 2.0
DMXREADY : Secure Login Manager 1.0
CVE: CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.)

Original document Hackers Center Security Group, Secure Login Manager Multiple Input Validation Vulnerabilities (28.12.2006)

hack2prison_(at)_yahoo.com, Host directory full disclosure and input error (28.12.2006)

David Kierznowski, [Full-disclosure] WordPress Persistent XSS (28.12.2006)

Discuss: Read or add your comments to this news (1 comments)

	MustLive: Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl ) 06.01.2007 21:00:05
	David Kierznowski весёлый человек. В своём сообщении он описал уязвимость, которую он мол нашёл в конце 2006 года в ... full text

Show		Threads
		Messages

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)