[FD] Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1

2014-12-23 Thread Steffen Rösemann
Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 Advisory ID: SROEADV-2014-02 Author: Steffen Rösemann Affected Software: CMS Serendipity v.2.0-rc1 (Release: 20th Dec 2014) Vendor URL: http://www.s9y.org/ Vendor Status: fixed CVE-ID

[FD] Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5

2014-12-23 Thread Steffen Rösemann
Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 (Release: 10th Dec 2014) Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID

[FD] Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS

2014-12-30 Thread Steffen Rösemann
Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS Advisory ID: SROEADV-2014-08 Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL: http://www.absolutengine.com/ Vendor Status: solved CVE-ID

[FD] SQL injection vulnerability in Pragyan CMS v.3.0

2015-02-03 Thread Steffen Rösemann
Advisory: SQL injection vulnerability in Pragyan CMS v.3.0 Advisory ID: SROEADV-2015-11 Author: Steffen Rösemann Affected Software: Pragyan CMS v.3 Vendor URL: https://github.com/delta/pragyan, http://delta.nitt.edu/ Vendor Status: vendor did not respond after initial communication CVE-ID

[FD] Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha

2015-01-22 Thread Steffen Rösemann
Advisory: Advisory ID: SROEADV-2015-10 Author: Steffen Rösemann Affected Software: ferretCMS v. 1.0.4-alpha Vendor URL: https://github.com/JRogaishio/ferretCMS Vendor Status: vendor will patch eventually CVE-ID: - Tested on: - Firefox 35, Iceweasel 31 - Mac OS X 10.10, Kali Linux 1.0.9a

[FD] Reflecting XSS vulnerabilities, unrestricted file upload and underlying CSRF in Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version)

2015-02-12 Thread Steffen Rösemann
Advisory: Reflecting XSS vulnerabilities, unrestricted file upload and underlying CSRF in Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version) Advisory ID: SROEADV-2015-14 Author: Steffen Rösemann Affected Software: Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version) Vendor URL: https

[FD] SQL injection vulnerabilities in zerocms = v.1.3.3

2015-01-31 Thread Steffen Rösemann
Advisory: SQL injection vulnerabilities in zerocms = v.1.3.3 Advisory ID: SROEADV-2015-13 Author: Steffen Rösemann Affected Software: zerocms = v.1.3.3 (released 23rd-Jan-2015) Vendor URL: http://aas9.in/zerocms/ Vendor Status: platform will be moving to Rails4 CVE-ID

[FD] Reflecting XSS vulnerability in CMS Croogo v.2.2.0

2015-01-11 Thread Steffen Rösemann
Advisory: Reflecting XSS vulnerability in CMS Croogo v.2.2.0 Advisory ID: SROEADV-2015-02 Author: Steffen Rösemann Affected Software: CMS Croogo v.2.20 Vendor URL: https://croogo.org Vendor Status: solved CVE-ID: - == Vulnerability Description

[FD] Reflecting XSS vulnerability in CMS e107 v. 1.0.4

2015-01-09 Thread Steffen Rösemann
Advisory: Reflecting XSS vulnerability in CMS e107 v. 1.0.4 Advisory ID: SROEADV-2014-05 Author: Steffen Rösemann Affected Software: CMS e107 v. 1.0.4 Vendor URL: http://e107.org Vendor Status: did not respond to issue CVE-ID: - == Vulnerability Description

[FD] SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0

2015-01-06 Thread Steffen Rösemann
Advisory: SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Advisory ID: SROEADV-2015-04 Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 (Release-Date: 18th-Feb-2014) Vendor URL: http://www.sefrengo.org/start/start.html Vendor Status: fixed CVE-ID

[FD] Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0

2015-01-13 Thread Steffen Rösemann
Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Advisory ID: SROEADV-2014-09 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 (Release-Date: 6th-Dec-2014) Vendor URL: http://b2evolution.net/ Vendor Status: did not respond to issue CVE-ID

[FD] Multiple persistent XSS vulnerabilities in CMS BEdita v. 3.4.0

2015-01-08 Thread Steffen Rösemann
Advisory: Multiple persistent XSS vulnerabilities in CMS BEdita v. 3.4.0 Advisory ID: SROEADV-2014-10 Author: Steffen Rösemann Affected Software: CMS BEdita v. 3.4.0 (Release-Date: 9th-May-2014) Vendor URL: http://www.bedita.com Vendor Status: working on a patch CVE-ID

[FD] ECommerce-Shopping Cart Zeuscart v. 4: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities

2015-02-22 Thread Steffen Rösemann
Advisory: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities in Zeuscart v.4 Advisory ID: SROEADV-2015-12 Author: Steffen Rösemann Affected Software: Zeuscart v.4 Vendor URL: http://zeuscart.com/ Vendor Status: pending CVE-ID: will be asked to be assigned after release

[FD] Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3

2015-02-21 Thread Steffen Rösemann
Advisory: Stored XSS-Vulnerabilities in MyBB v. 1.8.3 Advisory ID: SROEADV-2015-15 Author: Steffen Rösemann Affected Software: MyBB v. 1.8.3 Vendor URL: http://www.mybb.com Vendor Status: patched CVE-ID: - == Vulnerability Description: == MyBB v

[FD] Multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities in phpBugTracker v. 1.6.0

2015-02-21 Thread Steffen Rösemann
Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0 Advisory ID: SROEADV-2015-16 Author: Steffen Rösemann Affected Software: phpBugTracker v.1.6.0 Vendor URL: https://github.com/a-v-k/phpBugTracker Vendor Status: patched CVE-ID: will be asked