Gforge.org Cross Site Scripting

Exploit Title: GForge Cross Site Scripting Date: 30.01.2012 Author: Sony Software Link: http://gforge.org Google Dorks: inurl:gf/user/ site:edu gov,com,org,etc.. or another dorks it's simple Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...

Gforge - viewFile.php security flaw

-------------------------------------------------------------------------- Vendor : Gforge http://gforge.org Product : gforge Affected versions : 4.0 Bug fixed : = 4.0 & Debian pkg 3.1-30 Vulnerability : Input validation flaw Problem-Type : remote Severity : High, arbitrary command execution Auth...