Advisory: PHP Address Book 6.2.12 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-007
Author: Stefan Schurtz
Affected Software: Successfully tested on PHP Address Book 6.2.12
Vendor URL:
Vendor Status: informed
EDB-ID: 18578
CVE-ID: CVE-2012-1911, CVE-2012-1912
======================
Vulnerability Description
======================
PHP Address Book 6.2.12 is prone to multiple XSS and SQL-Injection vulnerabilities
In this short video I will show you how you can build a backdoor in OpenSSH 5.9.
Steps
1. Define the backdoor password in auth.h
2. Edit the auth-passwd.c file and set the backdoor into it
3. Set integer ‘backdoorActive’ in log.h
4. Disable logging for the backdoor login in log.c
5. Compile
6. Test the backdoor :-)
Advisory: WikyBlog 1.7.3RC2 XSS vulnerability
Advisory ID: SSCHADV2012-006
Author: Stefan Schurtz
Affected Software: Successfully tested on WikyBlog 1.7.3RC2
Vendor URL:
Vendor Status: informed
CVE-ID: CVE-2012-1913
======================
Vulnerability Description
======================
WikyBlog 1.7.3RC2 is prone to an XSS vulnerability
Advisory: Wikidforum 2.10 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-005
Author: Stefan Schurtz
Affected Software: Successfully tested on Wikidforum 2.10
Vendor URL:
Vendor Status: informed
OSVDB ID: 80838, 80839, 80840
======================
Vulnerability Description
======================
Wikidforum 2.10 is prone to multiple XSS and SQL-Injection vulnerabilities
Advisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Advisory ID: SSCHADV2012-003
Author: Stefan Schurtz
Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The HTTP-Referer in WebsiteBaker 2.8.2 SP2 is prone to an XSS vulnerability
Advisory: SimpleGroupware 0.742 Cross-Site-Scripting vulnerability
Advisory ID: INFOSERVE-ADV2012-01
Author: Stefan Schurtz
Contact:
Affected Software: Successfully tested on SimpleGroupware 0.742
Vendor URL:
Vendor Status: fixed (see Changelog)
======================
Vulnerability Description
======================
SimpleGroupware 0.742 ‘export’ parameter XSS vulnerability