INFOSERVE-ADV2011-02 - Multiple security vulnerabilities in AShop

Advisory:
Multiple security vulnerabilities in AShop
Advisory ID:
INFOSERVE-ADV2011-02
Author:
Stefan Schurtz
Contact:
Affected Software:
Successfully tested on AShop513
Vendor URL:
Vendor Status:
fixed in Version 5.1.4
 
======================
Vulnerability Description:
======================
 
AShop is prone to multiple security vulnerabilities
 

INFOSERVE-ADV2011-03 - Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0

Advisory:
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory ID:
INFOSERVE-ADV2011-03
Author:
Stefan Schurtz
Contact:
Affected Software:
Successfully tested on Dolibarr 3.1.0; other versions may also be affected
Vendor URL:
Vendor Status:
fixed in the 3.1 branch
 
======================
Vulnerability Description:
======================
 
Dolibarr 3.1.0 is prone to multiple XSS vulnerabilities
 

SSCHADV2011-034 - osCSS2 "_ID" parameter Local file inclusion

Advisory:
osCSS2 "_ID" parameter Local file inclusion
Advisory ID:
SSCHADV2011-034
Author:
Stefan Schurtz
Affected Software:
Successfully tested on osCSS2 2.1.0 (latest version)
Vendor URL:
Vendor Status:
Fixed in SVN branch 2.1.0 and reported in develop version 2.1.1
EDB-ID:
18099
 
======================
Vulnerability Description:
======================
 
The "_ID" parameter in osCSS2 2.1.0 is prone to an LFI vulnerability
 

SSCHADV2011-017 - Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting vulnerabilities

Advisory:
Serendipity Plugin ‘Karma Ranking’ Multiple Cross-Site Scripting vulnerabilities
Advisory ID:
SSCHADV2011-017
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Serendipity 1.5.5 with Karma Ranking Plugin version 1.1
Vendor URL:
Vendor Status:
fixed
CVE-ID:
-
 
======================
Vulnerability Description:
======================

Multiple parameters in the Karma Ranking plugin (Serendipity backend) are prone to a Cross-Site Scripting vulnerability
 

SSCHADV2011-015 - Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability

Advisory:
Serendipity ‘serendipity[filter][bp.ALT]’ Cross-Site Scripting vulnerability
Advisory ID:
SSCHADV2011-015
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Serendipity 1.5.5
Vendor URL:
Vendor Status:
fixed
CVE-ID:
-
 
======================
Vulnerability Description:
======================

The parameter "serendipity[filter][bp.ALT]" in Serendipity backend is prone to a Cross-Site Scripting vulnerability
 

SSCHADV2011-033 - Metasploit 4.1.0 Web UI stored XSS vulnerability

Advisory:
Metasploit 4.1.0 Web UI stored XSS vulnerability
Advisory ID:
SSCHADV2011-033
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Metasploit 4.1.0
Vendor URL:
Vendor Status:
fixed
EDB-ID:
18012
 
======================
Vulnerability Description:
======================
 
The Metasploit Web UI "project[name]" parameter is prone to an XSS vulnerability
 