jetlib.sec » Full Disclosure » Addition to CVE-2012-0872 oxwall

Feeds

133122 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Full Disclosure

• February 21, 2012
• 

  Addition to CVE-2012-0872 oxwall

  Posted: February 21st, 2012, 8:22am PST

  Tags:   

  Posted by MG on Feb 21

  Our addition to yesterday YGn advisory:
  
  # CVE-2012-0872
  
  ============ { Ariko-Security - Advisory #2/2/2012 } =============
  
  OxWall Cross-site scripting (XSS)
  
  Vendor's description of software and download:
  # Oxwall Foundation http://www.oxwall.org/
  
  Dork:
  # N/a
  
  Application Info:
  #OxWall 1.1.1
  
  Vulnerability Info:
  # Type: XSS
  
  Time Table:
  # 13/02/2012 - Vendor notified
  
  XSS:
  #Input passed to the "plugin" parameter in index.php...