Re: [FD] AnchorCMS - PHP Object Injection (CVE-2015-5687) and More

2015-08-30 Thread Scott Arciszewski
Corrected links: https://github.com/anchorcms/anchor-cms/blob/07933dbc7939326bb4973827a0934d1a610851d1/system/helpers.php#L55-L59 https://github.com/anchorcms/anchor-cms/blob/66581e5969029e7b6dfddfe3326bb9f15f27b859/anchor/libraries/hash.php#L15 Scott Arciszewski Chief Development Officer

[FD] KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

2015-08-30 Thread Jing Wang
*KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug* Exploit Title: KnowledgeTree login.php errorMessage parameter Reflected XSS Web Security Vulnerability Product: Knowledge Tree Document Management System Vendor: Knowledge Inc Vulnerable Versions: