NoName Script Multiple Remote Vulnerabilities

NoName Script is prone to multiple vulnerabilities including a directory-traversal issue, an SQL-injection issue, and two cross-site request-forgery issues.

Attackers can exploit these issues to:

- view arbitrary local files within the context of the webserver
- edit other users' profile information
- log out an admin user
- compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect NoName Script 1.1 BETA and prior versions.


 

Privacy Statement
Copyright 2010, SecurityFocus