|
Advisory:
|
Tiki Wiki CMS Groupware Stored Cross-Site-Scripting
|
|
Advisory ID:
|
INFOSERVE-ADV2011-07
|
|
Author:
|
Stefan Schurtz
|
|
Contact:
|
|
|
Affected Software:
|
Successfully tested on Tiki 8.1 & 6.4 LTS (affects all current releases)
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed
|
|
CVE-ID:
|
CVE-2011-4551
|
======================
Vulnerability Description
======================
All current releases of Tiki Wiki are prone to a stored XSS vulnerability
Continue reading "INFOSERVE-ADV2011-07 - Tiki Wiki CMS Groupware stored Cross-Site-Scripting"
By my quick search for a fast and small HTTP-Proxy, which runs under OpenBSD, I’ve found the caching web proxy Polipo, which looks really good. Hence here is a short howto about the installation & configuration (which is really really fast & easy to do) of Polipo under OpenBSD.
Download
# cd /tmp/
# ftp http://freehaven.net/~chrisd/polipo/polipo-1.0.4.tar.gz
# tar xvfz polipo-1.0.4.tar.gz
Installation
# cd polipo-1.0.4
# make all
# make install
Continue reading "[Howto] - Polipo 1.0.4 under OpenBSD"
|
Advisory:
|
Seotoaster SQL-Injection Admin Login Bypass
|
|
Advisory ID:
|
INFOSERVE-ADV2011-06
|
|
Author:
|
Stefan Schurtz
|
|
Contact:
|
|
|
Affected Software:
|
Successfully tested on Seotoaster v.1.9
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed
|
======================
Vulnerability Description
======================
Seotoaster v.1.9 is prone to an SQL-Injection which bypass the admin login
Continue reading "INFOSERVE-ADV2011-06 - Seotoaster SQL-Injection Admin Login Bypass"
|
Advisory:
|
PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability
|
|
Advisory ID:
|
SSCHADV2011-035
|
|
Author:
|
Stefan Schurtz
|
|
Affected Software:
|
Successfully tested on PHP-SCMS 1.6.8
|
|
Vendor URL:
|
|
|
Vendor Status:
|
unpatched (no vendor feedback)
|
|
|
|
======================
Vulnerability Description:
======================
PHP-SCMS "lang" parameter is prone to a XSS vulnerability
Continue reading "SSCHADV2011-035 - PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability"
|
Advisory:
|
zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal
|
|
Advisory ID:
|
INFOSERVE-ADV2011-09
|
|
Author:
|
Stefan Schurtz
|
|
Contact:
|
|
|
Affected Software:
|
Successfully tested on zFTPServer Suite 6.0.0.52
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed
|
|
CVE-ID:
|
CVE-2011-4717
|
==========================
Vulnerability Description
==========================
zFTPServer 'rmdir' is prone to a Directory Traversal, which makes it possible to delete directories in the system
Continue reading "INFOSERVE-ADV2011-09 - zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal"
|
Advisory:
|
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
|
|
Advisory ID:
|
INFOSERVE-ADV2011-08
|
|
Author:
|
Stefan Schurtz
|
|
Contact:
|
|
|
Affected Software:
|
Successfully tested on PHP Inventory 1.3.1
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed
|
|
CVE-ID:
|
CVE-2009-4595,CVE-2009-4596,CVE-2009-4597
|
======================
Vulnerability Description
======================
PHP Inventory is (still) prone to a SQL-Injection (Auth Bypass) vulnerability
Continue reading "INFOSERVE-ADV2011-08 - PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability"