XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities

2008.08.02
Credit: azzcoder
Risk: High
Local: No
Remote: Yes

############################################################## XMRS Multiple Vulnerabilities (ZeroDay at 25-07-2008) Author: AzzCoder [azzcoder (at) hotmail (dot) com [email concealed]] Product: http://www.xrms.org/ Product Type: CRM Thanks: coresecurity.com Remote File Inclusion File: activities/workflow-activities.php Variable: $include_directory Required register_globals: Yes XSS Multiple Files Variable: $msg Quote limitations: Yes Information Gathering tests/info.php phpinfo() call ############################################################## # milw0rm.com [2008-07-25]

References:

http://xforce.iss.net/xforce/xfdb/43994
http://www.securityfocus.com/bid/30369
http://www.securityfocus.com/archive/1/archive/1/494754/100/0/threaded
http://www.milw0rm.com/exploits/6131
http://secunia.com/advisories/31233


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top