
SSCHADV2011-033 - Metasploit 4.1.0 Web UI stored XSS vulnerability

Advisory:
Metasploit 4.1.0 Web UI stored XSS vulnerability
Advisory ID:
SSCHADV2011-033
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Metasploit 4.1.0
Vendor URL:
Vendor Status:
fixed
EDB-ID:
18012
 
======================
Vulnerability Description:
======================
 
The Metasploit Web UI "project[name]" parameter is prone to an XSS vulnerability
 

SSCHADV2011-032 - Piwik 1.6 Full Path Disclosure

Advisory:
Piwik 1.6 Full Path Disclosure
Advisory ID:
SSCHADV2011-032
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Piwik 1.6
Vendor URL:
Vendor Status:
informed but no fix available
CVE-ID:
-
 
======================
Vulnerability Description:
======================
 
Piwik 1.6 is prone to a Full Path Disclosure vulnerability
 

SSCHADV2011-031 - Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities

Advisory:
Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities
Advisory ID:
SSCHADV2011-031
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Yet Another CMS 1.0
Vendor URL:
Vendor Status:
informed
EDB-ID:
17997
 
======================
Vulnerability Description:
======================
 
Yet Another CMS 1.0 is prone to multiple SQL Injection and XSS vulnerabilities
 

SSCHADV2011-024 - SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities

Advisory:
SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities
Advisory ID:
SSCHADV2011-024
Author:
Stefan Schurtz
Affected Software:
Successfully tested on SilverStripe 2.4.5
Vendor URL:
Vendor Status:
fixed
CVE-ID:
-
 
======================
Vulnerability Description:
======================
 
SilverStripe 2.4.5 backend is prone to multiple Cross-site scripting vulnerabilities
 

SSCHADV2011-030 - Site@School SQL Injection & XSS vulnerabilities

Advisory:
Site@School 2.4.10 SQL Injection & XSS vulnerabilities
Advisory ID:
SSCHADV2011-030
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Site@School 2.4.10
Vendor URL:
Vendor Status:
insecure and no longer maintained
CVE-ID:
-
 
======================
Vulnerability Description:
======================
 
Site@School is prone to multiple SQL Injection and XSS vulnerabilities
 

SSCHADV2011-029 - PHP Booking Calendar Multiple Cross-Site Scripting Vulnerabilities

Advisory:
PHP Booking Calendar Multiple Cross-Site Scripting Vulnerabilities
Advisory ID:
SSCHADV2011-029
Author:
Stefan Schurtz
Affected Software:
Successfully tested on PHP Booking Calendar 10e
Vendor URL:
Vendor Status:
informed
CVE-ID:
-
 
======================
Vulnerability Description:
======================
 
PHP Booking Calendar is prone to multiple Cross-Site Scripting vulnerabilities
 