ZeusCart 4.0: XSS
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@zeuscart.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Zen Cart 1.5.4: Code Execution and Information Leak
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Zen Cart 1.5.4
Fixed in: partial fix via patch
Partial Patch Link:
ZeusCart 4.0: Code Execution
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@zeuscart.com
Vulnerability Type: Code Execution
Remote
=
- Release date: 14.09.2015
- Discovered by: Dawid Golunski
- Severity: Medium/High
=
I. VULNERABILITY
-
Kirby CMS <= 2.1.0 Authentication Bypass via Path Traversal
II.
FuzzDB has moved to Github.- https://github.com/fuzzdb-project/fuzzdb
- New and updated payload files
- Easier to find payloads
- Comments that were previously in payload files relocated to README.md
files
- Documentation and cheatsheets centralized in /docs
Pull requests welcomed!
ZeusCart 4.0: SQL Injection
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@zeuscart.com
Vulnerability Type: SQL Injection
Remote
Hello list,
Weeman 1.1 - is a simple HTTP server (Using python).
The server will do the following steps:
1, will create a phishing page,
2, will grab the DATA take the user,
3, and will try to login the user to the original website.
Tested only on linux.
You will need to install python <=
secunet Security Networks AG Security Advisory
Advisory: Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
1. DETAILS
--
Product: Typo3 CMS
Vendor URL: typo3.org
Type:Cross-site Scripting[CWE-79]
Date found: 2015-07-30
Date published:
Exploit Title: ManageEngine OpManager multiple vulnerabilities
Product: ManageEngine OpManager
Vulnerable Versions: v11.5 and previous versions
Tested Version: v11.5 (Windows)
Advisory Publication: 14/09/2015
Vulnerability Type: hardcoded credentials, SQL query protection bypass
Credit: xistence
Anchor CMS 0.9.2: XSS
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Anchor CMS 0.9.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: Website: http://anchorcms.com/
Vulnerability Type: XSS and Open
ZeusCart 4.0: CSRF
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@zeuscart.com
Vulnerability Type: CSRF
Remote Exploitable: Yes
=
- Release date: 14.09.2015
- Discovered by: Dawid Golunski
- Severity: High
=
I. VULNERABILITY
-
Kirby CMS <= 2.1.0 CSRF Content Upload and PHP Script Execution
II. BACKGROUND
*# VENTOR: * www.ibooking.com.br
*# Vulnerable versions:* ALL
*# File: *filtro_faixa_etaria.php
*# Parameter: * idPousada(GET)
*# DORK: * intext:"Desenvolvido por ibooking"
*# Reported:* 15/10/2015
#
Exploit Title: ManageEngine EventLog Analyzer SQL query execution
Product: ManageEngine EventLog Analyzer
Vulnerable Versions: v10.6 build 10060 and previous versions
Tested Version: v10.6 build 10060 (Windows)
Advisory Publication: 14/09/2015
Vulnerability Type: authenticated SQL query execution
Document Title:
===
Paypal Inc - Open Redirect Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1598
Vulnerability Magazine:
15 matches
Mail list logo
