Archive for the ‘General Purpose Directories’ Category

phpMyDirectory “id” SQL Injection

February 1st, 2012

Application: phpMyDirectory
Affected Version: version 1.3.3 and other versions.
Vendor’s URL: phpMyDirectory
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

General Purpose Directories, SQL Injection

phpDirectorySource SQL Injection

May 21st, 2008

Application: phpDirectorySource
Affected Version: version 1.1.06 and other versions.
Vendor’s URL: phpDirectorySource
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

General Purpose Directories, SQL Injection

Indexu Multiple XSS

January 18th, 2007

Application: Indexu
Version: 5.x or below
Vendor’s URL: http://www.nicecoder.com/
Bug type: Cross Site Scripting
Risk: High

Solution:
- Edit the source code to ensure that input is properly sanitised
- Upgrade the application to the latest version
- Vendor patch

Cross Site Scripting, General Purpose Directories