Security Advisory - Curesec Research Team
1. Introduction
Affected Product: pfsense 2.3.2
Fixed in: 2.3.3
Fixed Version Link: https://pfsense.org/download/
Vendor Website: https://www.pfsense.org/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: pfsense 2.3.2
Fixed in: 2.3.3
Fixed Version Link: https://pfsense.org/download/
Vendor Website: https://www.pfsense.org/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: HumHub 0.20.1 / 1.0.0-beta.3
Fixed in: 1.0.0
Fixed Version Link: https://www.humhub.org/en/download/default/form?version=1.0.0=zip
Vendor Website: https://www.humhub.org/
Vulnerability Code
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: HumHub 1.0.1 and earlier
Fixed in: 1.1.1
Fixed Version Link: https://www.humhub.org/en/download/default/form?version=1.1.1=zip
Vendor Website: https://www.humhub.org/
Vulnerability XSS
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: phplist 3.2.6
Fixed in: 3.3.1
Fixed Version Link: https://sourceforge.net/projects/phplist/files/phplist/3.3.1/phplist-3.3.1.zip/download
Vendor Website: https://www.phplist.org/
Vulnerability
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: phplist 3.2.6
Fixed in: 3.3.1
Fixed Version Link: https://sourceforge.net/projects/phplist/files/phplist/3.3.1/phplist-3.3.1.zip/download
Vendor Website: https://www.phplist.org/
Vulnerability
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version Link: https://github.com/jbroadway/elefant/releases/tag/elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version Link: https://github.com/jbroadway/elefant/releases/tag/elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version Link: https://github.com/jbroadway/elefant/releases/tag/elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version Link: https://github.com/jbroadway/elefant/releases/tag/elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability
Content Table
1. Introduction
2. Failsafe mode
3. Installing Openwrt
4. Configuring Openwrt
5. Testing
1. Introduction
The goal of this guide is to provide a reliable and fast way for creating a lan
tap for red team assessments of networks. While this was our main target this
tap is also quite
Content Table
1. Introduction
2. The Firmware
3. The Android Application
4. The Problems
5. Conclusion
6. Appendix
6.1. Excursion Dalvik
6.2 Control script
1. Introduction
The HS-110 is a Smart Plug meaning it is capable of being controlled with
commands via a network. TP-Link released a mobile
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: FUDforum 3.0.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://fudforum.org/forum/
Vulnerability Type: LFI
Remote Exploitable: Yes
Reported to vendor: 04/11/2016
Disclosed to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Jaws 1.1.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://jaws-project.com/
Vulnerability Type: Object Injection, Open Redirect, Cookie Flags
Remote Exploitable: Yes
Reported to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: FUDforum 3.0.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://fudforum.org/forum/
Vulnerability Type: XSS, Login CSRF
Remote Exploitable: Yes
Reported to vendor: 04/11/2016
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Jaws 1.1.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://jaws-project.com/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: LEPTON 2.2.2 stable
Fixed in: 2.3.0
Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php
Vendor Website: http://www.lepton-cms.org/
Vulnerability Type:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: LEPTON 2.2.2 stable
Fixed in: 2.3.0
Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php
Vendor Website: http://www.lepton-cms.org/
Vulnerability Type: CSRF, Open
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: LEPTON 2.2.2 stable
Fixed in: 2.3.0
Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php
Vendor Website: http://www.lepton-cms.org/
Vulnerability Type:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MoinMoin 1.9.8
Fixed in: 1.9.9
Fixed Version Link: http://static.moinmo.in/files/moin-1.9.9.tar.gz
Vendor Website: https://moinmo.in
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MyLittleForum 2.3.6.1
Fixed in: 2.3.7beta
Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/v2.3.7beta
Vendor Website: http://mylittleforum.net/
Vulnerability
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Mezzanine 4.2.0
Fixed in: 4.2.1
Fixed Version Link: https://github.com/stephenmcd/mezzanine/releases/tag/4.2.1
Vendor Website: http://mezzanine.jupo.org/
Vulnerability Type: XSS
Remote Exploitable:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: SPIP 3.1
Fixed in: 3.1.2 / 3.0.23
Fixed Version Link: http://www.spip.net/en_download
Vendor Website: http://www.spip.net/
Vulnerability Type: Reflected & Persistent XSS, Host Header Injection, httpOnly
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MyLittleForum 2.3.6.1
Fixed in: 2.3.7beta
Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/v2.3.7beta
Vendor Website: http://mylittleforum.net/
Vulnerability
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Oxwall 1.8.0 (build 9900)
Fixed in: 1.8.2
Fixed Version Link: https://developers.oxwall.com/download
Vendor Website: http://www.oxwall.org/
Vulnerability Type: XSS & Open Redirect
Remote Exploitable:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: Improper validation of data passed to eval
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MyBB 1.8.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.mybb.com/
Vulnerability Type: CSRF, Weak Hashing, Plaintext Passwords
Remote Exploitable: Yes
Reported to vendor:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Kajona 4.7
Fixed in: 5.0
Fixed Version Link: https://www.kajona.de/en/Downloads/downloads.get_kajona.html
Vendor Website: https://www.kajona.de/
Vulnerability Type: XSS &
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Peel Shopping 8.0.2
Fixed in: 8.0.3
Fixed Version Link: www.peel-shopping.com
Vendor Website: www.peel-shopping.com
Vulnerability Type: Object Injection
Remote Exploitable: Yes
Reported to vendor:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: PivotX 2.3.11
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pivotx.net/
Vulnerability Type: Reflected XSS
Remote Exploitable: Yes
Reported to vendor: 01/20/2016
Disclosed to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: PivotX 2.3.11
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pivotx.net/
Vulnerability Type: Directory Traversal
Remote Exploitable: Yes
Reported to vendor: 01/20/2016
Disclosed
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Atutor 2.2
Fixed in: partly in ATutor 2.2.1-RC1, complete in 2.2.1
Fixed Version Link: http://www.atutor.ca/atutor/download.php
Vendor Website: http://www.atutor.ca/
Vulnerability Type: XSS
Remote
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Opendocman 1.3.4
Fixed in: 1.3.5
Fixed Version Link: http://www.opendocman.com/free-download/
Vendor Website: http://www.opendocman.com/
Vulnerability Type: HTML Injection
Remote Exploitable: Yes
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Opendocman 1.3.4
Fixed in: 1.3.5
Fixed Version Link: http://www.opendocman.com/free-download/
Vendor Website: http://www.opendocman.com/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Grawlix 1.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.getgrawlix.com/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Arastta 1.1.5
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://arastta.org/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Disclosed to public:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Grawlix 1.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.getgrawlix.com/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Disclosed to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: PhpSocial v2.0.0304_2026
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://phpsocial.net
Vulnerability Type: XSS / Open Redirect
Remote Exploitable: Yes
Reported to vendor:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: esoTalk 1.0.0g4
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: t...@esotalk.org
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 11/17/2015
Disclosed to public:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: PhpSocial v2.0.0304_2026
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://phpsocial.net
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Arastta 1.1.5
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://arastta.org/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 11/21/2015
Disclosed to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: 4images 1.7.11
Fixed in: 1.7.12
Fixed Version Link: http://www.4homepages.de/download-4images
Vendor Website: http://www.4homepages.de/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: 4images 1.7.11
Fixed in: 1.7.12
Fixed Version Link: http://www.4homepages.de/download-4images
Vendor Website: http://www.4homepages.de/
Vulnerability Type: Path Traversal
Remote Exploitable: Yes
#!/usr/local/bin/python
# Exploit for 4images 1.7.11 Code Execution vulnerability
# An admin account is required to use this exploit
# Curesec GmbH
import sys
import re
import argparse
import requests # requires requests lib
parser = argparse.ArgumentParser()
parser.add_argument("url",
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: CodoForum 3.4
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: ad...@codologic.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: phpwcms 1.7.9
Fixed in: 1.8.0 RC1
Fixed Version Link: https://github.com/slackero/phpwcms/archive/phpwcms-1.8.0-RC1.zip
Vendor Website: http://www.phpwcms.de/
Vulnerability Type: CSRF
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Geeklog 2.1.0
Fixed in: 2.1.1b3
Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156
Vendor Contact: geeklog-secur...@lists.geeklog.net
Vulnerability Type: XSS
Remote Exploitable: Yes
#!/usr/local/bin/python
# Exploit for geeklog-2.1.0 OS Command Injection vulnerability
# An admin account is required to use this exploit
# Curesec GmbH
import sys
import re
import argparse
import requests # requires requests lib
parser = argparse.ArgumentParser()
parser.add_argument("url",
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Geeklog 2.1.0
Fixed in: 2.1.1b3
Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156
Vendor Contact: geeklog-secur...@lists.geeklog.net
Vulnerability Type: Code Execution
Remote
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: redaxscript 2.5.0
Fixed in: 2.6.1
Fixed Version Link: http://redaxscript.com/files/releases/redaxscript_2.6.1_full.zip
Vendor Contact: i...@redaxmedia.com
Vulnerability Type: XSS
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: appRain 4.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: i...@apprain.com
Vulnerability Type: Path Traversal
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: appRain 4.0.3
Fixed in: Fixed via Optional Module
CSRF Protection Module Link: http://www.apprain.com/extension/20/accounting-system?s=Description
Vendor Website:
it to sprintf.
The issue in version 1.3.2 is that the query parameter is also echoed
unencoded inside the title tag, which is why the POC contains .
Best
Curesec Research Team
Am 11/18/2015 um 6:50 PM schrieb Henri Salo:
> On Fri, Nov 13, 2015 at 05:07:01PM +0100, Curesec Research Team (CRT) wrote:
&
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: XCart 5.2.6
Fixed in: 5.2.7
Fixed Version Link: https://www.x-cart.com/xc5kit
Vendor Contact: supp...@x-cart.com
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Sitemagic CMS 4.1
Fixed in: 4.1.1
Fixed Version Link: http://sitemagic.org/index.php?SMExt=SMDownloads;SMDownloadsFile=SitemagicCMS411.zip
Vendor Contact: d...@sitemagic.org
Vulnerability Type: XSS
#!/usr/local/bin/python
# Exploit for ClipperCMS 1.3.0 Code Execution vulnerability
# An account is required with rights to file upload (eg a user in the Admin, Publisher, or Editor role)
# The server must parse htaccess files for this exploit to work.
# Curesec GmbH c...@curesec.com
import sys
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: ClipperCMS 1.3.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.clippercms.com/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Disclosed to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: XCart 5.2.6
Fixed in: 5.2.7
Fixed Version Link: https://www.x-cart.com/xc5kit
Vendor Contact: supp...@x-cart.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 08/13/2015
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: TomatoCart v1.1.8.6.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@tomatocart.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to
#!/usr/local/bin/python
# Exploit for XCart 5.2.6 Code Execution vulnerability
# An admin account is required to use this exploit
# Curesec GmbH
import sys
import re
import requests # requires requests lib
if len(sys.argv) != 4:
exit("usage: python " + sys.argv[0] + "
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: ClipperCMS 1.3.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.clippercms.com/
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: LiteCart 1.3.2
Fixed in: 1.3.3
Fixed Version Link: https://www.litecart.net/downloading?version=1.3.3.1
Vendor Contact: developm...@litecart.net
Vulnerability Type: XSS
Remote Exploitable: Yes
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: XCart 5.2.6
Fixed in: 5.2.7
Fixed Version Link: https://www.x-cart.com/xc5kit
Vendor Contact: supp...@x-cart.com
Vulnerability Type: Path Traversal
Remote Exploitable: Yes
Reported to vendor:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: TomatoCart v1.1.8.6.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@tomatocart.com
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: ClipperCMS 1.3.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://www.clippercms.com/
Vulnerability Type: Path Traversal
Remote Exploitable: Yes
Reported to vendor: 10/02/2015
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: AlegroCart 1.2.8
Fixed in: Patch AC128_fix_22102015
Path Link: http://forum.alegrocart.com/download/file.php?id=1047
Vendor Website: http://alegrocart.com/
Vulnerability Type: LFI/RFI
Remote
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: AlegroCart 1.2.8
Fixed in: Patch AC128_fix_17102015
Path Link: http://forum.alegrocart.com/download/file.php?id=1040
Vendor Website: http://alegrocart.com/
Vulnerability Type: SQL Injection
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: CubeCart 6.0.7
Fixed in: 6.0.8
Fixed Version Link: https://www.cubecart.com/thank-you/CubeCart-6.0.8.zip
Vendor Contact: sa...@cubecart.com
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Quick.Cart 6.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: i...@opensolution.org
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/07/2015
Disclosed to public:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MiniBB 3.1.1
Fixed in: 3.2
Fixed Version Link: http://www.minibb.com/download.php?file=minibb
Vendor Contact: secur...@minibb.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MyWebSQL 3.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://mywebsql.net/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public:
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: OpenCart 2.0.3.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: https://www.opencart.com/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: TheHostingTool 1.2.6
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: https://thehostingtool.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 09/07/2015
SQLiteManager 1.2.4: Multiple XSS
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: SQLiteManager 1.2.4
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: sqlitemana...@gmail.com
Vulnerability Type: XSS
Remote
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: SQL Buddy 1.3.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: n...@deliciousbrains.com
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 08/18/2015
Disclosed to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: SQL Buddy 1.3.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: n...@deliciousbrains.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 08/18/2015
Disclosed to
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: Chyrp CMS 2.5.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Github: https://github.com/chyrp/chyrp
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed
ZeusCart 4.0: XSS
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@zeuscart.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Zen Cart 1.5.4: Code Execution and Information Leak
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Zen Cart 1.5.4
Fixed in: partial fix via patch
Partial Patch Link:
ZeusCart 4.0: Code Execution
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@zeuscart.com
Vulnerability Type: Code Execution
Remote
ZeusCart 4.0: SQL Injection
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@zeuscart.com
Vulnerability Type: SQL Injection
Remote
Anchor CMS 0.9.2: XSS
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Anchor CMS 0.9.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: Website: http://anchorcms.com/
Vulnerability Type: XSS and Open
ZeusCart 4.0: CSRF
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: supp...@zeuscart.com
Vulnerability Type: CSRF
Remote Exploitable: Yes
NibbleBlog 4.0.3: CSRF
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: NibbleBlog 4.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: Website: http://www.nibbleblog.com/
Vulnerability Type: CSRF
NibbleBlog 4.0.3: Code Execution
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: NibbleBlog 4.0.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: Website: http://www.nibbleblog.com/
Vulnerability Type:
Serendipity 2.0.1: Persistent XSS
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Serendipity 2.0.1
Fixed in: 2.0.2
Fixed Version Link:
https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip
Vendor Contact:
Bolt 2.2.4: Code Execution
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Bolt 2.2.4
Fixed in: 2.2.5
Fixed Version Link: http://bolt.cm/distribution/archive/bolt-2.2.5.zip
Vendor Contact: Website: https://bolt.cm
Phorum 5.2.19: Reflected XSS (IIS only) and Open Redirect
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Phorum 5.2.19
Fixed in: 5.2.20
Fixed Version Link: http://www.phorum.org/downloads/phorum_5_2_20.zip
Vendor Contact:
ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ModX Revolution 2.3.5-pl
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: he...@modx.com