Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge)

2015-12-10 Thread securityresearch
Original: http://securityresearch.shaftek.biz/2015/12/goarro-and-other-taxi-hailing-apps-did-not-use-ssl.html CERT Advisory: https://www.kb.cert.org/vuls/id/439016 Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge) Overview Arro and possibly over 100 other

Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft)

2015-09-21 Thread securityresearch
Original at: http://securityresearch.shaftek.biz/2015/09/insufficient-parameter-sanitization-login-live-com.html Overview Web widgets hosted by Microsoft’s online login portal, login.live.com, do not perform sufficient parameter sanitization allowing an attacker to inject arbitrary text.

SAXON version 5.4 XSS Attack Vulnerability

2007-10-29 Thread securityresearch
netVigilance Security Advisory #54 SAXON version 5.4 XSS Attack Vulnerability Description: SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your site. Publish news

SAXON version 5.4 Multiple Path Disclosure Vulnerabilities

2007-10-29 Thread securityresearch
netVigilance Security Advisory #53 SAXON version 5.4 Multiple Path Disclosure Vulnerabilities Description: SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your

SimpGB version 1.46.02 Information Disclosure Vulnerability

2007-09-25 Thread securityresearch
netVigilance Security Advisory #66 SimpGB version 1.46.02 Information Disclosure Vulnerability Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for

SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities

2007-09-25 Thread securityresearch
netVigilance Security Advisory #68 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database,

SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities

2007-09-25 Thread securityresearch
netVigilance Security Advisory #64 SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support

SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities

2007-09-25 Thread securityresearch
netVigilance Security Advisory #67 SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for

SimpGB version 1.46.02 File Content Disclosure Vulnerability

2007-09-25 Thread securityresearch
netVigilance Security Advisory #65 SimpGB version 1.46.02 File Content Disclosure Vulnerability Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support

SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities

2007-09-25 Thread securityresearch
netVigilance Security Advisory #70 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own

SimpNews version 2.41.03 File Content Disclosure Vulnerability

2007-09-25 Thread securityresearch
netVigilance Security Advisory #69 SimpNews version 2.41.03 File Content Disclosure Vulnerability Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own

eTicket version 1.5.5 XSS Attack Vulnerability

2007-07-07 Thread securityresearch
netVigilance Security Advisory #31 eTicket version 1.5.5 XSS Attack Vulnerability Description: eTicket is an electronic (open source) support ticket system based on osTicket, that can receive tickets via email (pop3 or pipe) and a web-based form, as well as manage them using a web

eTicket version 1.5.5 XSS Attack Vulnerability

2007-06-28 Thread securityresearch
netVigilance Security Advisory #31 eTicket version 1.5.5 XSS Attack Vulnerability Description: eTicket is an electronic (open source) support ticket system based on osTicket, that can receive tickets via email (pop3 or pipe) and a web-based form, as well as manage them using a web

Calendarix version 0.7. 20070307 Multiple XSS Attacks

2007-06-25 Thread securityresearch
netVigilance Security Advisory #37 Calendarix version 0.7. 20070307 Multiple XSS Attacks Description: Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It provides the user with the

Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities

2007-06-25 Thread securityresearch
netVigilance Security Advisory #35 Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities Description: Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It

MyNews version 0.10 SQL Injection Vulnerability

2007-06-25 Thread securityresearch
netVigilance Security Advisory #25 MyNews version 0.10 SQL Injection Vulnerability Description: MyNews is very easy to include into any website news publishing, just as simple as using the include tag and calling the function to display the news. BBCode has been added to this feature,

Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities

2007-06-25 Thread securityresearch
netVigilance Security Advisory #38 Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities Description: Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It

WSPortal version 1.0 Path Disclosure Vulnerability

2007-06-18 Thread securityresearch
netVigilance Security Advisory #32 WSPortal version 1.0 Path Disclosure Vulnerability Description: WSPortal is a site management system coded in PHP/MySQL. It is capable of adding pages, adding news to pages, adding images to news articles, alerting the site or a specific ip address,

Utopia News Pro version 1.4.0 XSS Attack Vulnerability

2007-06-18 Thread securityresearch
netVigilance Security Advisory #34 Utopia News Pro version 1.4.0 XSS Attack Vulnerability Description: Utopia News Pro is a powerful and scalable news management system for any web site. News Pro, written in PHP and backed by the renowned MySQL database system, Utopia Software's News

WSPortal version 1.0 SQL Injection Vulnerability

2007-06-18 Thread securityresearch
netVigilance Security Advisory #33 WSPortal version 1.0 SQL Injection Vulnerability Description: WSPortal is a site management system coded in PHP/MySQL. It is capable of adding pages, adding news to pages, adding images to news articles, alerting the site or a specific ip address,

myEvent version 1.6 Multiple Path Disclosure Vulnerabilities

2007-05-29 Thread securityresearch
netVigilance Security Advisory #24 myEvent version 1.6 Multiple Path Disclosure Vulnerabilities Description: myEvent is Dynamic Calendar based Events Management system with admin panel for adding events, edit and delete built using PHP mySQL. Display today's event and future events

DGNews version 2.1 SQL Injection Vulnerability

2007-05-28 Thread securityresearch
netVigilance Security Advisory #22 DGNews version 2.1 SQL Injection Vulnerability Description: DGNews is small and simple but powered news publishing. Easy installation, no programming required. But you can still change whatever you want (for advanced users). Features: add unlimited

DGNews version 2.1 XSS Attack Vulnerability

2007-05-28 Thread securityresearch
netVigilance Security Advisory #23 DGNews version 2.1 XSS Attack Vulnerability Description: DGNews is small and simple but powered news publishing. Easy installation, no programming required. But you can still change whatever you want (for advanced users). Features: add unlimited

DGNews version 2.1 Path Disclosure Vulnerability

2007-05-28 Thread securityresearch
netVigilance Security Advisory #21 DGNews version 2.1 Path Disclosure Vulnerability Description: DGNews is small and simple but powered news publishing. Easy installation, no programming required. But you can still change whatever you want (for advanced users). Features: add unlimited

Jetbox CMS version 2.1 XSS Attack Vulnerability

2007-05-22 Thread securityresearch
netVigilance Security Advisory #29 Jetbox CMS version 2.1 XSS Attack Vulnerability Description: Jetbox CMS is seriously tested on usability has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from layout.

Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities

2007-05-22 Thread securityresearch
netVigilance Security Advisory #28 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities Description: Jetbox CMS is seriously tested on usability has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully

Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities

2007-05-22 Thread securityresearch
netVigilance Security Advisory #27 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities Description: Jetbox CMS is seriously tested on usability has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully

Jetbox CMS version 2.1 E-Mail Injection Vulnerability

2007-05-15 Thread securityresearch
netVigilance Security Advisory #26 Jetbox CMS version 2.1 E-Mail Injection Vulnerability Description: Jetbox content management system is seriously tested on usability has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is

SonicBB version 1.0 XSS Attack Vulnerabilities

2007-05-14 Thread securityresearch
netVigilance Security Advisory #20 SonicBB version 1.0 XSS Attack Vulnerabilities Description: SonicBB is a user-friendly and fully customizable bulletin board package. SonicBB is compatible with any web server/operating system combo with PHP 4.x or higher installed. SonicBB is the

MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities

2007-05-14 Thread securityresearch
netVigilance Security Advisory #17 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities Description: MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. Full control over your discussion system is presented right at the tip of your fingers, from

SonicBB version 1.0 Multiple SQL Injection Vulnerabilities

2007-05-14 Thread securityresearch
netVigilance Security Advisory #19 SonicBB version 1.0 Multiple SQL Injection Vulnerabilities Description: SonicBB is a user-friendly and fully customizable bulletin board package. SonicBB is compatible with any web server/operating system combo with PHP 4.x or higher

SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities

2007-05-14 Thread securityresearch
netVigilance Security Advisory #18 SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities Description: SonicBB is a user-friendly and fully customizable bulletin board package. SonicBB is compatible with any web server/operating system combo with PHP 4.x or higher

Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities

2007-05-08 Thread securityresearch
netVigilance Security Advisory #11 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page

Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability

2007-05-08 Thread securityresearch
netVigilance Security Advisory #13 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning, html

Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities

2007-05-08 Thread securityresearch
netVigilance Security Advisory #12 Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning, html

UseBB Version 1.0.4 Path Disclosure Vulnerability

2007-04-20 Thread securityresearch
netVigilance Security Advisory #16 UseBB Version 1.0.4 Path Disclosure Vulnerability Description: UseBB is an Open Source forum package developed in PHP and using the popular MySQL database back-end to store data. Unlike other popular forum systems, UseBB does not strive to have as many