Computer Security
[EN] no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:9313
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. FCKEditor: arbitrary file upload eCaptcha: crossite scripting
Affected:ADNFORUM : adnforum 1.0
 FCKEDITOR : FCKeditor 2.6
 FCKEDITOR : FCKeditor 2.4
 FLATPRESS : flatpress 0.804
 EASYREALTOR : EasyRealtorPRO 2008
CVE:CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php.)
Original documentdocumentSmOk3, SQL Injection in EasyRealtorPRO 2008 (29.09.2008)
 documentPepelux, adnforum <= 1.0b / Insecure Cookie Handling Vulnerability (29.09.2008)
 documentFabian Fingerle, Cross Site Scripting (XSS) Vulnerabilitiy in flatpress 0.804, CVE-2008-4120 (29.09.2008)
 documentalfredo.melloni_(at), Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities (29.09.2008)
 documentMustLive, Cross-Site Scripting vulnerability in eCaptcha (29.09.2008)
 documentMustLive, Arbitrary File Upload vulnerability in FCKeditor (29.09.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod