[ml] Php Web Statistik Multiple Vulnerabilities

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]

Archivio: Novembre 2005 ml@sikurezza.org
Soggetto: [ml] Php Web Statistik Multiple Vulnerabilities
Mittente: ascii
Data: Mon, 28 Nov 2005 17:46:47 +0100 (CET)

PHP Web Statistik Multiple Vulnerabilities

 Name              Multiple Vulnerabilities in PHP Web Statistik
 Systems Affected  PHP Web Statistik (verified on 1.4)
 Severity          Medium Risk
 Vendor            www.php-web-statistik.de
 Advisory          http://www.ush.it/2005/11/19/php-web-statistik/
 Author            Francesco ÂaSciiÂ Ongaro (ascii at katamail . com)
 Date              20051119

PHP Web Statistik is vulnerable to javascript and HTML injection using
the unchecked $lastnumber variable, proper input validation will fix.
Just place an intval() at the right row. Other vulnerabilities has been
discovered later.

Advisory released on 20051119:
Php Web Statistik Multiple Vulnerabilities
http://www.ush.it/2005/11/19/php-web-statistik/

Data:
- precedente: [ml] Free Web Stat Multiple XSS Vulnerabilities, ascii
- successivo: [ml] WebCalendar Multiple Vulnerabilities, ascii
- indice

Argomento:
- precedente: [ml] Free Web Stat Multiple XSS Vulnerabilities, ascii
- successivo: [ml] WebCalendar Multiple Vulnerabilities, ascii
- indice

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005