[ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD

2015-10-16 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2015-005 - Original release date: October 5, 2015 - Last revised: October 15th, 2015 - Discovered by: Vicente Aguilera Diaz - Severity: 2/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com)

2014-02-13 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2014-001 - Original release date: February 4, 2014 - Last revised: February 4, 2014 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Scored) - CVE-ID: -

[ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail

2014-02-06 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-014 - Original release date: March 25th, 2013 - Last revised: March 25th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Scored) - CVE-ID: CVE-2013-6229

[ISecAuditors Security Advisories] SQL Injection vulnerability in Project'Or RIA allow arbitrary access to the database and the file system

2013-11-06 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-017 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 6.8/10 (CVSSv2 Base Scored) - CVE-ID: CVE-2013-6164

[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in Project'Or RIA

2013-11-06 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Scored) - CVE-ID: CVE-2013-6163

[ISecAuditors Security Advisories] LinkedIn social network is affected by Persistent Cross-Site Scripting vulnerability

2013-11-06 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-005 - Original release date: 3rd March 2013 - Last revised: 10th March 2013 - Discovered by: Eduardo Garcia Melia - Severity: 5.2/10 (CVSS Base Scored) = I.

[ISecAuditors Security Advisories] XSS vulnerability in LinkedIn

2013-10-28 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-003 - Original release date: March 3rd, 2013 - Last revised: March 10th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Score) = I.

[ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab = v3.30

2013-10-24 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-011 - Original release date: March 21st, 2013 - Last revised: March 21st, 2013 - Discovered by: Manuel García Cárdenas - Severity: 5/10 (CVSS Base Score) - CVE-ID: CVE-2013-2652

[ISecAuditors Security Advisories] CSRF vulnerability in LinkedIn

2013-10-17 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-016 - Original release date: June 8th, 2013 - Last revised: July 11th, 2013 - Discovered by: Eduardo Garcia Melia - Severity: 4.3/10 (CVSSv2 Base Score) = I.

[ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart

2013-10-16 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2012-001 - Original release date: November 8th, 2012 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 7,1/10 (CVSS Base Score) - CVE-ID: CVE-2013-3831

[ISecAuditors Security Advisories] Multiple Vulnerabilities in Uebimiau = 2.7.11

2013-10-09 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-008 - Original release date: March 15th, 2013 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - CVE-ID: CVE-2013-2621, CVE-2013-2622,

[ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire = v3.5

2013-10-09 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-010 - Original release date: March 20th, 2013 - Last revised: March 25th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - CVE-ID: CVE-2013-2651

XAMPP 1.8.1 Local Write Access Vulnerability

2013-09-26 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel García Cárdenas - Severity: 6,8/10 (CVSS Base Score) - CVE-ID: CVE-2013-2586

[ISecAuditors Security Advisories] Multiple Reflected Cross-Site Scripting vulnerabilities

2013-09-26 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2012-003 - Original release date: 16th December 2012 - Last revised: 26th September 2013 - Discovered by: Eduardo Garcia Melia - Severity: 6.8/10 (CVSS Base Scored) = I.

[ISecAuditors Security Advisories] Multiple Vulnerabilities in Telaen = 1.3.0

2013-06-03 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-009 - Original release date: March 15th, 2013 - Last revised: June 4th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - CVE-ID: CVE-2013-2621, CVE-2013-2623,

[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics

2013-03-11 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) = I.

[ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g

2011-05-02 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2010-007 - Original release date: August 11th, 2010 - Last revised: May 1st, 2011 - Discovered by: Vicente Aguilera Diaz - Severity: 5.0/10 (CVSS Base Scored) = I.

[ISecAuditors Security Advisories] SQL Injection and XSS in Motorito v2.0 Ni 483

2010-09-23 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2010-005 - Original release date: March 30th, 2010 - Last revised: September 23th, 2010 - Discovered by: Mario Diaz Caldera - Severity: 5.5/10 (CVSS Base Score) = I.

[ISecAuditors Security Advisories] Insecure Direct Object Reference in tuenti.com allow to read of any message user

2010-09-21 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2010-008 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4/10 (CVSSv2 Base Scored) = I.

[ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail v6.2.0

2010-09-21 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2010-009 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Scored) = I.

[ISecAuditors Security Advisories] Simple PHP Blog = 0.5.1 Local File Include vulnerability

2009-12-21 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-005 - Original release date: March 2nd, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 (CVSS scored) = I. VULNERABILITY

[ISecAuditors Security Advisories] PHP-Calendar = v1.1 'configfile' Remote and Local File Inclusion vulnerability

2009-12-21 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-011 - Original release date: October 13th, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3702 - Severity: 8.5/10 (CVSS Base Score)

[ISecAuditors Security Advisories] Cisco ASA = 8.x VPN SSL module Clientless URL-list control bypass

2009-12-17 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-013 - Original release date: December 7th, 2009 - Last revised: December 16th, 2009 - Discovered by: David Eduardo Acosta Rodriguez - Severity: 4/10 (CVSS Base Score) =

[ISecAuditors Security Advisories] Horde 3.3.5 PHP_SELF Cross-Site Scripting vulnerability

2009-12-17 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-012 - Original release date: October 13th, 2009 - Last revised: December 16th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3701 - Severity: 6.3/10 (CVSS Base Score)

[ISecAuditors Security Advisories] QuiXplorer =2.4.1beta Remote Code Execution vulnerability

2009-12-17 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-003 - Original release date: March 2nd, 2009 - Last revised: December 17th, 2009 - Discovered by: Juan Galiana Lara - Severity: 9/10 (CVSS scored) = I. VULNERABILITY

[ISecAuditors Security Advisories] WP-Forum = 2.3 SQL Injection vulnerabilities

2009-12-16 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-010 - Original release date: September 28th, 2009 - Last revised: December 15th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3703 - Severity: 8.5/10 (CVSS Base Score)

[ISecAuditors Security Advisories] Joomla! 1.5.12 Multiple Full Path Disclosure vulnerabilities

2009-07-24 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-009 - Original release date: July 21st, 2009 - Last revised: July 23rd, 2009 - Discovered by: Juan Galiana Lara - Severity: 5/10 (CVSS Base Score) = I. VULNERABILITY

[ISecAuditors Security Advisories] Gmail vulnerable to automated password cracking

2009-07-17 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-NNN - Original release date: July 7th, 2009 - Last revised: July 17th, 2009 - Discovered by: Vicente Aguilera Diaz - Severity: 4.5/10 (CVSS Base Score) = I.

[ISecAuditors Security Advisories] Joomla! 1.5.12 Multiple XSS vulnerabilities in HTTP Headers

2009-07-02 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-007 - Original release date: June 30th, 2009 - Last revised: July 2nd, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 (CVSS Base Score) = I. VULNERABILITY

[ISecAuditors Security Advisories] Joomla! 1.5.10 JA_Purity Multiple Persistent XSS

2009-06-05 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-006 - Original release date: April 5th, 2009 - Last revised: June 5th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.4/10 (CVSS Base Score) = I. VULNERABILITY

[ISecAuditors Security Advisories] ModSecurity 2.5.9 remote Denial of Service (DoS)

2009-03-19 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-001 - Original release date: February 25th, 2009 - Last revised: March 19th, 2009 - Discovered by: Juan Galiana Lara - Severity: 7.8/10 (CVSS Base Scored) = I.

[ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability

2009-03-10 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-004 - Original release date: December 3rd, 2008 - Last revised: March 10th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.3/10 (CVSS scored) = I. VULNERABILITY

[ISecAuditors Security Advisories] eXtplorer Remote Code Execution

2009-03-02 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2009-002 - Original release date: January 7th, 2009 - Last revised: March 2nd, 2009 - Discovered by: Juan Galiana Lara - Severity: 9/10 (CVSS scored) = I. VULNERABILITY

[ISecAuditors Security Advisories] PSI remote integer overflow DoS

2008-12-24 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2008-004 - Original release date: 12th December, 2008 - Last revised: 22nd December, 2008 - Discovered by: Jesus Olmos Gonzalez - Severity: 4/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] Wordpress is vulnerable to an unauthorized upgrade and XSS

2008-12-22 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2008-001 - Original release date: January 3rd, 2008 - Last revised: December 22nd, 2008 - Discovered by: Jesus Olmos Gonzalez - Severity: 2/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution

2008-07-18 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2006-006 - Original release date: February 28, 2006 - Last revised: July 18th, 2008 - Discovered by: Jesus Olmos Gonzalez - Severity: 5/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack

2007-12-24 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2007-006 - Original release date: December 18th, 2007 - Last revised: December 24th, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 5/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS

2007-12-07 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2007-004 - Original release date: November 7th, 2007 - Last revised: December 7th, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 4/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check

2007-11-24 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2007-005 - Original release date: May 23rd, 2007 - Last revised: November 24th, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 5/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] VTLS.web.gateway cgi is vulnerable to XSS

2007-11-13 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2006-004 - Original release date: April 18, 2006 - Last revised: November 13, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 1/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass

2007-05-22 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2006-013 - Original release date: December 15, 2006 - Last revised: May 22, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 5/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS

2007-01-17 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2007-001 - Original release date: January 17, 2007 - Last revised: January 17, 2007 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 = I. VULNERABILITY

[ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS

2006-12-04 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2006-007 - Original release date: April 27, 2006 - Last revised: December 1, 2006 - Discovered by: Jesus Olmos Gonzalez - Severity: 2/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail

2006-12-04 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2006-011 - Original release date: September 28, 2006 - Last revised: December 1, 2006 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 = I. VULNERABILITY

[ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail

2006-12-04 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2006-010 - Original release date: September 28, 2006 - Last revised: December 1, 2006 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 = I. VULNERABILITY

[ISecAuditors Advisories] IMAP/SMTP Injection in SquirrelMail

2006-02-27 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2006-002 - Original release date: February 27, 2006 - Last revised: February 27, 2006 - Discovered by: Vicente Aguilera Diaz - Severity: 3/5 = I. VULNERABILITY

[ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat

2006-01-26 ISecAuditors Security Advisories
= INTERNET SECURITY AUDITORS ALERT 2006-003 - Original release date: January 12, 2006 - Last revised: January 23, 2006 - Discovered by: Jesus Olmos Gonzalez - Severity: 4/5 = I. VULNERABILITY