lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Jul 2007 13:10:27 +0400 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: bugtraq@...urityfocus.com Cc: full-disclosure@...ts.grok.org.uk Subject: Moodle XSS / Liesbeth base CMS sensitive information disclosure Dear bugtraq@...urityfocus.com, 1. MustLive (mustlive at websecurity.com dot ua) reported crossite scripting vulnerability in Moodle 1.7.1 via search parameter of index.php, example: http://host/user/index.php?contextid=4&roleid=0&id=2&group=&perpage=20&search=%22style=xss:expression(alert(document.cookie))%20 Detailed information (in Ukranian) http://websecurity.com.ua/1045/ Original message (in Russian) http://securityvulns.ru/Rdocument391.html 2. Durito [damagelab] (durito at mail dot ru) reported information leak in Liesbeth base CMS (Vendor: www.doubleflex.com), example: http://host/config.inc file accessible through Web contains sensitive information, including database account. Original message (in Russian) http://securityvulns.ru/Rdocument392.html -- http://securityvulns.com/ /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles) +-------------o66o--+ / |/
Powered by blists - more mailing lists