Original:
http://securityresearch.shaftek.biz/2015/12/goarro-and-other-taxi-hailing-apps-did-not-use-ssl.html
CERT Advisory:
https://www.kb.cert.org/vuls/id/439016
Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile
Knowledge)
Overview
Arro and possibly over 100 other
Original at:
http://securityresearch.shaftek.biz/2015/09/insufficient-parameter-sanitization-login-live-com.html
Overview
Web widgets hosted by Microsoft's online login portal, login.live.com, do not
perform sufficient parameter sanitization, allowing an attacker to inject
arbitrary text.
netVigilance Security Advisory #54
SAXON version 5.4 XSS Attack Vulnerability
Description:
SAXON is a simple accessible online news publishing system for personal and
small corporate site owners. Publish news, using configurable templates, on any
.php page on your site. Publish news
netVigilance Security Advisory #53
SAXON version 5.4 Multiple Path Disclosure Vulnerabilities
Description:
SAXON is a simple accessible online news publishing system for personal and
small corporate site owners. Publish news, using configurable templates, on any
.php page on your
netVigilance Security Advisory #66
SimpGB version 1.46.02 Information Disclosure Vulnerability
Description:
SimpGB is a guestbook with data stored in MySQL, administration interface and
support for multiple languages. Features: Data stored in MySQL, Administration
interface, Support for
netVigilance Security Advisory #68
SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities
Description:
SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin
interface, support for multiple languages, support for multiple instances in
one database,
netVigilance Security Advisory #64
SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities
Description:
SimpGB is a guestbook with data stored in MySQL, administration interface and
support for multiple languages. Features: Data stored in MySQL, Administration
interface, Support
netVigilance Security Advisory #67
SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities
Description:
SimpGB is a guestbook with data stored in MySQL, administration interface and
support for multiple languages. Features: Data stored in MySQL, Administration
interface, Support for
netVigilance Security Advisory #65
SimpGB version 1.46.02 File Content Disclosure Vulnerability
Description:
SimpGB is a guestbook with data stored in MySQL, administration interface and
support for multiple languages. Features: Data stored in MySQL, Administration
interface, Support
netVigilance Security Advisory #70
SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities
Description:
SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin
interface, support for multiple languages, support for multiple instances in
one database, own
netVigilance Security Advisory #69
SimpNews version 2.41.03 File Content Disclosure Vulnerability
Description:
SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin
interface, support for multiple languages, support for multiple instances in
one database, own
netVigilance Security Advisory #31
eTicket version 1.5.5 XSS Attack Vulnerability
Description:
eTicket is an electronic (open source) support ticket system based on osTicket,
that can receive tickets via email (pop3 or pipe) and a web-based form, as well
as manage them using a web
netVigilance Security Advisory #37
Calendarix version 0.7. 20070307 Multiple XSS Attacks
Description:
Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It
has been developed with ease of use and quick access to information in mind.
It provides the user with the
netVigilance Security Advisory #35
Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities
Description:
Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It
has been developed with ease of use and quick access to information in mind.
It
netVigilance Security Advisory #25
MyNews version 0.10 SQL Injection Vulnerability
Description:
MyNews is very easy to include into any website news publishing, just as simple
as using the include tag and calling the function to display the news. BBCode
has been added to this feature,
netVigilance Security Advisory #38
Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities
Description:
Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It
has been developed with ease of use and quick access to information in mind.
It
netVigilance Security Advisory #32
WSPortal version 1.0 Path Disclosure Vulnerability
Description:
WSPortal is a site management system coded in PHP/MySQL. It is capable of
adding pages, adding news to pages, adding images to news articles, alerting
the site or a specific IP address,
netVigilance Security Advisory #34
Utopia News Pro version 1.4.0 XSS Attack Vulnerability
Description:
Utopia News Pro is a powerful and scalable news management system for any web
site. News Pro, written in PHP and backed by the renowned MySQL database
system, Utopia Software's News
netVigilance Security Advisory #33
WSPortal version 1.0 SQL Injection Vulnerability
Description:
WSPortal is a site management system coded in PHP/MySQL. It is capable of
adding pages, adding news to pages, adding images to news articles, alerting
the site or a specific IP address,
netVigilance Security Advisory #24
myEvent version 1.6 Multiple Path Disclosure Vulnerabilities
Description:
myEvent is Dynamic Calendar based Events Management system with admin panel for
adding events, edit and delete built using PHP MySQL. Display today's event
and future events
netVigilance Security Advisory #22
DGNews version 2.1 SQL Injection Vulnerability
Description:
DGNews is small and simple but powered news publishing. Easy installation, no
programming required. But you can still change whatever you want (for advanced
users). Features: add unlimited
netVigilance Security Advisory #23
DGNews version 2.1 XSS Attack Vulnerability
Description:
DGNews is small and simple but powered news publishing. Easy installation, no
programming required. But you can still change whatever you want (for advanced
users). Features: add unlimited
netVigilance Security Advisory #21
DGNews version 2.1 Path Disclosure Vulnerability
Description:
DGNews is small and simple but powered news publishing. Easy installation, no
programming required. But you can still change whatever you want (for advanced
users). Features: add unlimited
netVigilance Security Advisory #29
Jetbox CMS version 2.1 XSS Attack Vulnerability
Description:
Jetbox CMS is seriously tested on usability has a professional intuitive
interface. The system is role based, with workflow and module orientated. All
content is fully separated from layout.
netVigilance Security Advisory #28
Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities
Description:
Jetbox CMS is seriously tested on usability has a professional intuitive
interface. The system is role based, with workflow and module orientated. All
content is fully
netVigilance Security Advisory #27
Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities
Description:
Jetbox CMS is seriously tested on usability has a professional intuitive
interface. The system is role based, with workflow and module orientated. All
content is fully
netVigilance Security Advisory #26
Jetbox CMS version 2.1 E-Mail Injection Vulnerability
Description:
Jetbox content management system is seriously tested on usability has a
professional intuitive interface. The system is role based, with workflow and
module orientated. All content is
netVigilance Security Advisory #20
SonicBB version 1.0 XSS Attack Vulnerabilities
Description:
SonicBB is a user-friendly and fully customizable bulletin board package.
SonicBB is compatible with any web server/operating system combo with PHP 4.x
or higher installed. SonicBB is the
netVigilance Security Advisory #17
MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities
Description:
MyBB is a powerful, efficient and free forum package developed in PHP and
MySQL. Full control over your discussion system is presented right at the tip
of your fingers, from
netVigilance Security Advisory #19
SonicBB version 1.0 Multiple SQL Injection Vulnerabilities
Description:
SonicBB is a user-friendly and fully customizable bulletin board package.
SonicBB is compatible with any web server/operating system combo with PHP 4.x
or higher
netVigilance Security Advisory #18
SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities
Description:
SonicBB is a user-friendly and fully customizable bulletin board package.
SonicBB is compatible with any web server/operating system combo with PHP 4.x
or higher
netVigilance Security Advisory #11
Advanced Guestbook version 2.4.2 Multiple Error Information Leak
Vulnerabilities
Description:
Advanced Guestbook is a PHP-based guestbook script. It includes many useful
features such as preview, templates, e-mail notification, picture upload, page
netVigilance Security Advisory #13
Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability
Description:
Advanced Guestbook is a PHP-based guestbook script. It includes many useful
features such as preview, templates, e-mail notification, picture upload, page
spanning, html
netVigilance Security Advisory #12
Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities
Description:
Advanced Guestbook is a PHP-based guestbook script. It includes many useful
features such as preview, templates, e-mail notification, picture upload, page
spanning, html
netVigilance Security Advisory #16
UseBB Version 1.0.4 Path Disclosure Vulnerability
Description:
UseBB is an Open Source forum package developed in PHP and using the popular
MySQL database back-end to store data. Unlike other popular forum systems,
UseBB does not strive to have as many