RSS   Vulnerabilities for 'Autoindex php script'   RSS

2007-11-14
 
CVE-2007-5984

CWE-20
 

 
classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."

 
 
CVE-2007-5983

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

 


Copyright 2017, cxsecurity.com

 

Back to Top