
SSCHADV2011-039 - Meditate Web Content Editor 'username_input' SQL-Injection vulnerability

Advisory:
Meditate Web Content Editor ‘username_input’ SQL-Injection vulnerability
Advisory ID:
SSCHADV2011-039
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Meditate 1.2
Vendor URL:
Vendor Status:
fixed
EDB-ID:
18202
 
======================
Vulnerability Description:
======================
 
Meditate Web Content Editor is prone to a SQL-Injection vulnerability
 

HAKIN9 IT Security Magazin - 12/2011

Well, here is my next article for the German HAKIN9 IT Security Magazin. This time it’s about Web-Security and it holds three examples (XSS, SQL-Injection and Blind SQL-Injection) of how to identify and fix vulnerabilities in web applications. Tools used for this one are Netsparker Community Edition from mavitunasecurity, Arachni and sqlmap.
 
And of course not to forget, a big special THANKS to Dr. Philip Walter for his great support!
 
Well, enough of the words, here are the links: HAKIN9 IT Security Magazin – 12/2011 or here
 
Enjoy yourself!

SSCHADV2011-038 - Ariadne 2.7.6 Multiple XSS vulnerabilities

Advisory:
Ariadne 2.7.6 Multiple XSS vulnerabilities
Advisory ID:
SSCHADV2011-038
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Ariadne 2.7.6
Vendor URL:
Vendor Status:
informed
CVE-ID:
CVE-2011-4938 (thx to Henri Salo)
 
======================
Vulnerability Description:
======================
 
Ariadne 2.7.6 is prone to multiple Cross-Site scripting vulnerabilities
 

 


SSCHADV2011-037 - Achievo 1.4.5 Multiple XSS vulnerabilities

Advisory:
Achievo 1.4.5 Multiple XSS vulnerabilities
Advisory ID:
SSCHADV2011-037
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Achievo 1.4.5
Vendor URL:
Vendor Status:
informed
CVE-ID:
-
 
======================
Vulnerability Description:
======================
 
Achievo 1.4.5 is prone to multiple Cross-Site scripting vulnerabilities
 

Check Point Endpoint Security Client - Disconnect after 20 seconds


After connecting with the new Endpoint Security Client E75.20 or E75.10 to an R75.10 Security Gateway, the client disconnects after 20 seconds when there is no traffic.
 

INFOSERVE-ADV2011-01 - Tiki Wiki CMS Groupware Multiple XSS vulnerabilities

Advisory:
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
Advisory ID:
INFOSERVE-ADV2011-01
Author:
Stefan Schurtz
Contact:
Affected Software:
Successfully tested on Tiki 7.2 & 8.0 RC1
Vendor URL:
Vendor Status:
fixed for Tiki 7 (New Tiki 6 LTS release in progress)
CVE-ID:
CVE-2011-4454, CVE-2011-4455
 
======================
Vulnerability Description
======================
 
All versions of Tiki 6 and Tiki 7 and version Tiki 8.0RC1 are prone to multiple XSS vulnerabilities
 