[UNIX] bMachine Cross Site Scripting Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 12/24/03
- Previous message: SecuriTeam: "[UNIX] XOOPS myheader.php Cross Site Scripting Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 24 Dec 2003 14:59:00 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
bMachine Cross Site Scripting Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://boastology.com/> BoastMachine is "a one of its kind
Blog/Journal/Article publishing system". The product suffers from a
cross-site scripting vulnerability allowing remote attackers to insert
malicious HTML and/or JavaScript into the web pages returned by the
product.
DETAILS
Vulnerable systems:
* bMachine version 2.6
This Blog system, based in PHP, suffers from cross-site scripting
vulnerability (CSS/XSS). This can be exploited by including arbitrary HTML
or script code in the comment form, using field's name, and even the
comment box. This will execute any of the malicious code when viewing the
comments on that message.
ADDITIONAL INFORMATION
The information has been provided by <mailto:iamroot@systemsecure.org>
David S. Ferreira.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[UNIX] XOOPS myheader.php Cross Site Scripting Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [UNIX] PHPNuke Multiple Vulnerabilities in Search Module
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... cross-site scripting and
SQL injections located throughout the ... The vulnerability exists in the ... The
first SQL injection vulnerability is a non-critical one in the ... (Securiteam) - [NEWS] XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... No other Cisco products are known
to be affected by this vulnerability. ... The cross-site scripting vulnerability
and the SQL injection vulnerability ... Attacks against these ... (Securiteam) - [NEWS] Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerabilit
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Opera Software Opera
Web Browser createSVGTransformFromMatrix Object ... Exploitation of this vulnerability
would allow an attacker to execute ... (Securiteam) - [NEWS] Adobe Acrobat Javascript for PDF Integer Overflow Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Adobe Acrobat Javascript
for PDF Integer Overflow Vulnerability ... (Securiteam) - [UNIX] ZeroBoard PHP Code Injection and XSS
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... attacker can cause
the script to utilize arbitrary external PHP code. ... For the first vulnerability, and
for zboard version 4.1pl4, insert the ... (Securiteam)
