
SSCHADV2012-007 - PHP Address Book 6.2.12 Multiple security vulnerabilities

Advisory:
PHP Address Book 6.2.12 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-007
Author: Stefan Schurtz
Affected Software: Successfully tested on PHP Address Book 6.2.12
Vendor URL:
Vendor Status:
informed
EDB-ID:  18578
CVE-ID:
CVE-2012-1911, CVE-2012-1912
 
======================
Vulnerability Description
======================
 
PHP Address Book 6.2.12 is prone to multiple XSS and SQL-Injection vulnerabilities
 

[Video] - Build a backdoor in OpenSSH 5.9

In this short video I will show you how you can build a backdoor in OpenSSH 5.9.
 
 
Steps
 
1. Define the backdoor password in auth.h
2. Edit the auth-passwd.c file and set the backdoor into it
3. Set integer ‘backdoorActive’ in log.h
4. Disable logging for the backdoor login in log.c
5. Compile
6. Test the backdoor :-)
 

SSCHADV2012-006 - WikyBlog 1.7.3RC2 XSS vulnerability

Advisory:
WikyBlog 1.7.3RC2 XSS vulnerability
Advisory ID: SSCHADV2012-006
Author: Stefan Schurtz
Affected Software: Successfully tested on WikyBlog 1.7.3RC2
Vendor URL:
Vendor Status:
informed
CVE-ID:
CVE-2012-1913
 
======================
Vulnerability Description
======================
 
WikyBlog 1.7.3RC2 is prone to an XSS vulnerability
 

SSCHADV2012-005 - Wikidforum 2.10 Multiple security vulnerabilities

Advisory:
Wikidforum 2.10 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-005
Author: Stefan Schurtz
Affected Software: Successfully tested on Wikidforum 2.10
Vendor URL:
Vendor Status:
informed
OSVDB ID:
80838, 80839, 80840
 
======================
Vulnerability Description
======================
 
Wikidforum 2.10 is prone to multiple XSS and SQL-Injection vulnerabilities
 

SSCHADV2012-003 - WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability

Advisory:
WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Advisory ID: SSCHADV2012-003
Author: Stefan Schurtz
Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
HTTP-Referer in WebsiteBaker 2.8.2 SP2 is prone to an XSS vulnerability
 

INFOSERVE-ADV2012-01 - SimpleGroupware 0.742 Cross-Site-Scripting vulnerability

Advisory:
SimpleGroupware 0.742 Cross-Site-Scripting vulnerability
Advisory ID:
INFOSERVE-ADV2012-01
Author:
Stefan Schurtz
Contact:
Affected Software:
Successfully tested on SimpleGroupware 0.742
Vendor URL:
Vendor Status:
fixed (see Changelog)
   
======================
Vulnerability Description
======================

SimpleGroupware 0.742 ‘export’ parameter XSS vulnerability
 