lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <442AD894.5080407@free.fr>
Date: Thu Mar 30 00:39:31 2006
From: jerome.athias at free.fr (Jerome Athias)
Subject: ExplorerXP : Directory Traversal and Cross Site
	Scripting

ExplorerXP : Directory Traversal and Cross Site Scripting

Software : ExplorerXP

Description :

Two vulnerabilities have been discovered in ExploreXP, which can be
exploited by malicious people to conduct directory traversal and Cross
Site Scripting attacks.

Directory Traversal : http://[target]/dir.php?chemin=../../../

Cross Site Scripting : http://[target]/dir.php?chemin=../<b>Silitix

Solutions :
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by :
Silitix

Reference :

https://www.securinfos.info/english/security-advisories-alerts/20060329_.ExplorerXP_Directory.Traversal.and.Cross.Site.Scripting.php
http://ns79.hosteur.com/~secuti/explorerxp.php (Advisorie in french)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ