[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Php Web Statistik Multiple Vulnerabilities

To: full-disclosure@xxxxxxxxxxxxxxxxx, ml@xxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, news@xxxxxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx
Subject: [Full-disclosure] Php Web Statistik Multiple Vulnerabilities
From: ascii <ascii@xxxxxxxxxxxx>
Date: Mon, 28 Nov 2005 17:46:20 +0100

PHP Web Statistik Multiple Vulnerabilities

 Name              Multiple Vulnerabilities in PHP Web Statistik
 Systems Affected  PHP Web Statistik (verified on 1.4)
 Severity          Medium Risk
 Vendor            www.php-web-statistik.de
 Advisory          http://www.ush.it/2005/11/19/php-web-statistik/
 Author            Francesco ÂaSciiÂ Ongaro (ascii at katamail . com)
 Date              20051119

PHP Web Statistik is vulnerable to javascript and HTML injection using
the unchecked $lastnumber variable, proper input validation will fix.
Just place an intval() at the right row. Other vulnerabilities has been
discovered later.

Advisory released on 20051119:
Php Web Statistik Multiple Vulnerabilities
http://www.ush.it/2005/11/19/php-web-statistik/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Free Web Stat Multiple XSS Vulnerabilities
Next by Date: [Full-disclosure] WebCalendar Multiple Vulnerabilities
Previous by thread: [Full-disclosure] Free Web Stat Multiple XSS Vulnerabilities
Next by thread: [Full-disclosure] WebCalendar Multiple Vulnerabilities
Index(es):
- Date
- Thread