[FD] [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager

2015-06-15 Thread RedTeam Pentesting GmbH
Advisory: SQL Injection in TYPO3 Extension Akronymmanager

An SQL injection vulnerability in the TYPO3 extension Akronymmanager allows authenticated attackers to inject SQL statements and thereby read data from the TYPO3 database.

Details
===

Product: sb_akronymmanager
Affected Versions:

[FD] Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5

2015-06-15 Thread Nitin Venkatesh
# Title: Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5
# Submitter: Nitin Venkatesh
# Product: Users to CSV Wordpress Plugin
# Product URL: https://wordpress.org/plugins/users-to-csv/ (disabled)
# Plugin SVN URL: https://plugins.svn.wordpress.org/users-to-csv/

[FD] eBay Security Assessment

2015-06-15 Thread cosmin0maier
Web Application Security Report m.ebay.com Multiple Vulnerabilities

[1]: Cross-site Scripting - Stored XSS

The iOS, Android application and m.ebay.com website have a section called “Followed Search”. These followed searches, by default, are pre-defined links to sections of eBay. It is possible