
KORAMISADV2012-001 - Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability

Advisory:
Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
Advisory ID: KORAMIS-ADV2012-001
Contact: security@koramis.de
Author: Stefan Schurtz
Affected Software: Successfully tested on Serendipity 1.6
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2012-2331, CVE-2012-2332
EDB-ID: 18884
 
==========================
Vulnerability Description
==========================
 
The Serendipity backend is prone to a Cross-Site Scripting vulnerability and an SQL-Injection vulnerability.
 

SSCHADV2012-012 - Baby Gekko v1.2.0 Multiple XSS vulnerabilities

Advisory:
Baby Gekko v1.2.0 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-012
Author: Stefan Schurtz
Affected Software: Successfully tested on Baby Gekko v1.2.0
Vendor URL: http://www.babygekko.com/
Vendor Status: informed
 
======================
Vulnerability Description
======================
 
Baby Gekko v1.2.0 is prone to multiple Cross-Site Scripting vulnerabilities.
 