===== XSS =====

  * SSCHADV2011-001 - Cross-Site Scripting vulnerabilities in Icinga
  * SSCHADV2011-002 - Cross-Site Scripting vulnerability in Nagios - [CVE-2011-1523]
  * SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga
  * SSCHADV2011-004 - Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag"
  * SSCHADV2011-005 - Cross-Site Scripting vulnerability in Icinga
  * SSCHADV2011-006 - Cross-Site Scripting vulnerability in Nagios
  * SSCHADV2011-007 - Multiple Cross-Site Scripting vulnerabilities in BLOGCMS
  * SSCHADV2011-008 - Multiple Cross-Site Scripting vulnerabilities in WebCalendar
  * SSCHADV2011-009 - Multiple XSS vulnerabilities on www.netto-travel.de
  * SSCHADV2011-011 - XSS vulnerability in FortiMail Messaging Security Appliance
  * SSCHADV2011-013 - Multiple XSS vulnerabilities in LightNEasy
  * SSCHADV2011-014 - Multiple XSS vulnerabilities in Papoo Light Version
  * SSCHADV2011-015 - Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability - [CVE-2011-4090]
  * SSCHADV2011-016 - Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability
  * SSCHADV2011-017 - Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting vulnerabilities - [CVE-2011-4090]
  * SSCHADV2011-020 - Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability
  * SSCHADV2011-021 - Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities
  * SSCHADV2011-022 - phpFK 7.2.5 Multiple Cross-site Scripting Vulnerabilities
  * SSCHADV2011-023 - Phorum 5.2.18 Cross-site scripting vulnerability
  * SSCHADV2011-024 - SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities
  * SSCHADV2011-025 - Contao 2.10.1 Cross-site scripting vulnerability
  * SSCHADV2011-028 - FreeSMS (Free Student Management System) Multiple Cross-site Scripting Vulnerabilities
  * SSCHADV2011-029 - PHP Booking Calendar Multiple Cross-Site Scripting Vulnerabilities
  * SSCHADV2011-033 - Metasploit 4.1.0 Web UI "project[name]" XSS vulnerability
  * SSCHADV2011-035 - PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability
  * SSCHADV2011-037 - Achievo 1.4.5 Multiple XSS vulnerabilities
  * SSCHADV2011-038 - Ariadne 2.7.6 Multiple XSS vulnerabilities
  * SSCHADV2011-041 - phpVideoPro Multiple XSS vulnerabilities
  * SSCHADV2011-042 - Beehive Forum 101 Multiple XSS vulnerabilities

===== SQL Injection =====

  * SSCHADV2011-019 - openEngine 2.0 'id' Blind SQL Injection vulnerability
  * SSCHADV2011-026 - openEngine 2.0 'key' Blind SQL Injection vulnerability
  * SSCHADV2011-039 - Meditate Web Content Editor 'username_input' SQL-Injection vulnerability

===== Full Path Disclosure =====

  * SSCHADV2011-032 - Piwik 1.6 Full Path Disclosure

===== Local File Inclusion =====

  * SSCHADV2011-034 - osCSS2 "_ID" parameter Local file inclusion

===== Buffer Overflow =====

  * SSCHADV2011-040 - Nagios Plugin 'check_ups' Local Buffer Overflow

===== Multiple vulnerabilities =====

  * SSCHADV2011-010 - Multiple vulnerabilities on www.salue.de
  * SSCHADV2011-012 - Multiple vulnerabilities in Zimplit CMS
  * SSCHADV2011-018 - AdaptCMS 2.0.1 Multiple Security vulnerabilities
  * SSCHADV2011-027 - KaiBB 2.0.1 XSS and SQL Injection vulnerabilities
  * SSCHADV2011-030 - Site@School 2.4.10 SQL Injection & XSS vulnerabilities
  * SSCHADV2011-031 - Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities

// INFOSERVE

===== XSS =====

  * INFOSERVE-ADV2011-01 - Tiki Wiki CMS Groupware Multiple XSS vulnerabilities - [CVE-2011-4454, CVE-2011-4455]
  * INFOSERVE-ADV2011-03 - Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 - [CVE-2011-4329]
  * INFOSERVE-ADV2011-04 - Multiple Cross-Site-Scripting vulnerabilities in x3cms
  * INFOSERVE-ADV2011-07 - Tiki Wiki CMS Groupware Stored Cross-Site-Scripting - [CVE-2011-4551]
  * INFOSERVE-ADV2011-11 - VertrigoServ 2.25 Cross-Site-Scripting vulnerability
  * INFOSERVE-ADV2011-12 - SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities

===== SQL Injection =====

  * INFOSERVE-ADV2011-06 - Seotoaster SQL-Injection Admin Login Bypass
  * INFOSERVE-ADV2011-08 - PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability - [CVE-2009-4595, CVE-2009-4596, CVE-2009-459]

===== Directory Traversal =====

  * INFOSERVE-ADV2011-09 - zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal - [CVE-2011-4717]

===== Multiple vulnerabilities =====

  * INFOSERVE-ADV2011-02 - Multiple security vulnerabilities in AShop