darksecurity.de

SSCHADV2013-002 - heise.de - Cross-site Scripting vulnerability

Posted by Stefan Schurtz on Friday, January 4. 2013

Advisory:	heise.de – Cross-site Scripting vulnerability
Advisory ID:	SSCHADV2013-002
Author:	Stefan Schurtz
Affected Software:	Successfully tested on heise.de
Vendor URL:	http://www.heise.de
Vendor Status:	fixed

======================
Vulnerability Description
======================

http://www.heise.de is prone to a XSS vulnerability

Continue reading "SSCHADV2013-002 - heise.de - Cross-site Scripting vulnerability"

SSCHADV2013-001 - Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability

Posted by Stefan Schurtz on Friday, January 4. 2013

Advisory:	Websitebaker Add-on ‘Concert Calendar 2.1.4’ XSS & SQLi vulnerability
Advisory ID:	SSCHADV2013-001
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Concert Calendar 2.1.4
Vendor URL:	http://addons.websitebaker2.org/pages/en/browse-add-ons.php?id=0E8BC37
Vendor Status:	fixed

======================
Vulnerability Description
======================

Websitebaker Add-on ‘Concert Calendar 2.1.4’ is prone to a XSS and SQLi vulnerability

Continue reading "SSCHADV2013-001 - Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability"

SSCHADV2012-023 - Hero Framework 3.76 Cross-site Scripting vulnerability

Posted by Stefan Schurtz on Sunday, December 23. 2012

Advisory:	Hero Framework 3.76 Multiple Cross-site Scripting vulnerabilities
Advisory ID:	SSCHADV2012-023
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Hero Framework 3.76
Vendor URL:	http://www.heroframework.com/
Vendor Status:	informed

======================
Vulnerability Description
======================

Hero Framework 3.76 is prone to multiple Cross-Site Scripting vulnerabilities

Continue reading "SSCHADV2012-023 - Hero Framework 3.76 Cross-site Scripting vulnerability"

My new article on heise Security

Posted by Stefan Schurtz on Monday, November 5. 2012

Here is my newest article, published on heise Security.

This time it’s about the Web-Security tool "CSRFTester" from The Open Web Application Security Project (OWASP). It’s a short overview how to use the CSRFTester to identify "Cross Site Request Forgery" vulnerabilites in web applications.

Here is the link to the article: http://heise.de/-1735223

Enjoy yourself!

SSCHADV2012-022 - Piwigo 2.4.3 Cross-Site Scripting vulnerability

Posted by Stefan Schurtz on Saturday, October 20. 2012

Advisory:	Piwigo 2.4.3 Cross-Site Scripting vulnerability
Advisory ID:	SSCHADV2012-022
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Piwigo 2.4.3
Vendor URL:	http://piwigo.org/
Vendor Status:	fixed

======================
Vulnerability Description
======================

Piwigo 2.4.3 is prone to a Cross-Site Scripting vulnerability

Continue reading "SSCHADV2012-022 - Piwigo 2.4.3 Cross-Site Scripting vulnerability"

SSCHADV2012-021 - Zen cart v1.5.0 & v1.51 Cross-Site Scripting vulnerability

Posted by Stefan Schurtz on Saturday, October 20. 2012

Advisory:	Zen cart v1.5.0 & v1.51 Cross-Site Scripting vulnerability
Advisory ID:	SSCHADV2012-021
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Zen-cart-v150-12302011
Vendor URL:	http://www.zen-cart.com/
Vendor Status:	fixed

======================
Vulnerability Description
======================

Zen cart v1.5.0 & v1.51 are prone to a Cross-Site Scripting vulnerability

Continue reading "SSCHADV2012-021 - Zen cart v1.5.0 & v1.51 Cross-Site Scripting vulnerability"

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	April '24
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30