[FD] [AIT-SA-20220208-01] SexyPolling SQL Injection

2022-04-22 Thread sec-advisory
SexyPolling SQL Injection
| Identifier: | AIT-SA-20220208-01 |
| Target: | Sexy Polling (Joomla Extension) |
| Vendor: | 2glux |
| Version: | all versions below version 2.1.8 |
| CVE: | Not yet |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang

[FD] [AIT-SA-20210215-04] CVE-2020-24036: ForkCMS PHP Object Injection

2021-03-12 Thread sec-advisory
ForkCMS PHP Object Injection
| Identifier: | AIT-SA-20210215-04 |
| Target: | ForkCMS |
| Vendor: | ForkCMS |
| Version: | all versions below version 5.8.3 |
| CVE: | CVE-2020-24036 |
| Accessibility: | Remote |
| Severity: | Medium |
| Author: | Wolfgang Hotwagner (AIT

[FD] [AIT-SA-20210215-03] CVE-2020-24912: QCube Cross-Site-Scripting

2021-03-12 Thread sec-advisory
QCube Cross-Site-Scripting
| Identifier: | AIT-SA-20210215-03 |
| Target: | QCubed Framework |
| Vendor: | QCubed |
| Version: | all versions including 3.1.1 |
| CVE: | CVE-2020-24912 |
| Accessibility: | Remote |
| Severity: | High |
| Author: | Wolfgang Hotwagner (AIT

[FD] [AIT-SA-20210215-02] CVE-2020-24913: QCubed SQL Injection

2021-03-12 Thread sec-advisory
QCubed SQL Injection
| Identifier: | AIT-SA-20210215-02 |
| Target: | QCubed Framework |
| Vendor: | QCubed |
| Version: | all versions including 3.1.1 |
| CVE: | CVE-2020-24913 |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang Hotwagner (AIT Austrian

[FD] [AIT-SA-20210215-01] CVE-2020-24914: QCubed PHP Object Injection

2021-03-12 Thread sec-advisory
QCubed PHP Object Injection
| Identifier: | AIT-SA-20210215-01 |
| Target: | QCubed Framework |
| Vendor: | QCubed |
| Version: | all versions including 3.1.1 |
| CVE: | CVE-2020-24914 |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang

[FD] [AIT-SA-20200301-01] CVE-2020-9364: Directory Traversal in Creative Contact Form

2020-03-06 Thread sec-advisory
# Directory Traversal in Creative Contact Form
## Overview
* Identifier: AIT-SA-20200301-01
* Target: Creative Contact Form (for Joomla)
* Vendor: Creative Solutions
* Version: 4.6.2 (before Dec 03 2019)
* CVE: CVE-2020-9364
* Accessibility: Remote
* Severity: Critical
* Author: Wolfgang

[FD] [AIT-SA-20191129-01] CVE-2019-16885: Unauthenticated remote code execution in OkayCMS

2019-12-06 Thread sec-advisory
# Unauthenticated remote code execution in OkayCMS
## Overview
* Identifier: AIT-SA-20191129-01
* Target: OkayCMS
* Vendor: OkayCMS
* Version: all versions including 2.3.4
* CVE: CVE-2019-16885
* Accessibility: Local
* Severity: Critical
* Author: Wolfgang Hotwagner (AIT Austrian Institute of

[FD] [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius

2019-11-15 Thread sec-advisory
# Privilege Escalation via Logrotate in FreeRadius
## Overview
Identifier: AIT-SA-20191112-01
Target: FreeRadius
Vendor: FreeRadius
Version: all versions including 3.0.19
Fixed in Version: 12.2.3, 12.1.8 and 12.0.8
CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-10143
Accessibility: Local