February 2007
XOOPS multiple vulnerabilities, update to XOOPS 2.0.16 or higher
Thanks for the information. Downloading from XOOPS pending items.
December 2006
XOOPS multiple vulnerabilities, update to XOOPS 2.0.16 or higher
Secunia Advisory: SA17300
Release date: 2005-10-25
Last update: 2005-11-08
Critical: Moderately critical
Impact: Security Bypass, Cross Site Scripting, DoS
Where: From remote
Solution status: Vendor patch
Software: XOOPS 2.x
Description: Some vulnerabilities have been reported in XOOPS, which can be exploited by malicious people to conduct script insertion attacks, cause a DoS (Denial of Service), and to bypass certain security restrictions.
1) Input passed to certain "XOOPS Code" tags isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain input passed to the "newbb" forum module and to the comments system isn't properly sanitised before being returned to the user. This can be exploited to execute