EUVD-2008-1717

Malware in sbrugna...

EUVD-2008-1718

Malware in sbrugna...

Cross site scripting

Cross-site scripting XSS vulnerability in WoltLab Community Framework WCF 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the 1 page and 2 form parameters, which are not properly handled when they are reflected back in an error message...

CVE-2008-1716

Cross-site scripting XSS vulnerability in WoltLab Community Framework WCF 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the 1 page and 2 form parameters, which are not properly handled when they are reflected back in an error message...

CVE-2008-1717

WoltLab Community Framework WCF 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid 1 page and 2 form parameters, which leaks the path from an exception handler when a valid class cannot be found...

CVE-2008-1716

Vulnerability summary (CVE-2008-1716): The issue is a cross-site scripting (XSS) flaw in WoltLab Community Framework (WCF) 1.0.6 within WoltLab Burning Board 3.0.5. It allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are echoed back in...

CVE-2008-1717

WoltLab Community Framework WCF 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid 1 page and 2 form parameters, which leaks the path from an exception handler when a valid class cannot be found...

WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability

====================================================================== Advisory : WoltLabR Community Framework XSS and Full Path Disclosure Vulnerability Release Date : Application : WoltLabR Community Framework Version : WCF 1.0.6 and lower Platform : PHP Vendor URL : http://community.woltlab.co...