jetlib.sec » Bugtraq » Multiple vulnerabilities in OSClass

Feeds

132967 items (4 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB (1 unread)
• SecurityFocus Vulnerabilities (2 unread)
• Bugtraq
• Full Disclosure (1 unread)
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Bugtraq

• January 30, 2012
• 

  Multiple vulnerabilities in OSClass

  Posted: January 30th, 2012, 10:55am PST

  Tags:   

  Posted by Filippo Cavallarin on Jan 30

  Advisory ID: CSA-12003
  Title: Multiple vulnerabilities in OSClass
  Product: OSClass
  Version: 2.3.4 and probably prior
  Vendor: osclass.org
  Vulnerability type: SQL injection, XSS, Remote file inclusion
  Vendor notification: 2012-01-12
  Public disclosure: 2012-01-27
  
  OSClass version 2.3.4 and probably below suffers from multiple vulnerabilities:
  
  1) Remote file inclusion in osc_downloadFile(). This vuln allows an attacker...