Advisory:
|
WordPress Plugin ‘Count Per Day’ 3.1.1 Multiple Cross-site scripting vulnerabilities
|
Advisory ID:
|
SSCHADV2012-015
|
Author:
|
Stefan Schurtz
|
Affected Software:
|
Successfully tested on ‘Count Per Day’ 3.1.1
|
Vendor URL:
|
|
Vendor Status:
|
fixed
|
CVE-ID:
|
CVE-2012-3434
|
======================
Vulnerability Description
======================
The WordPress plugin ‘Count Per Day’ 3.1.1’ is prone to multiple XSS vulnerabilities
Continue reading "SSCHADV2012-015 - WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities"
<?php
$message = $_GET[‘xss’];
preg_replace( ‘/<script[^\>]*>|<\/script>|(onabort|onblur|onchange|onclick|ondbclick|onerror|onfocus|onkeydown|onkeypress|
onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|
onreset|onresize|onselect|onsubmit|onunload)\s*=\s*"[^"]+"/i’, ‘’, $message );
|
echo $message;
?>
Continue reading "Bypass 'preg_replace' XSS filter"
Advisory:
|
MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities
|
Advisory ID:
|
SSCHADV2012-017
|
Author:
|
Stefan Schurtz
|
Affected Software:
|
Successfully tested on MGB OpenSource Guestbook 0.6.9.1
|
Vendor URL:
|
|
Vendor Status:
|
fixed
|
======================
Vulnerability Description
======================
The MGB OpenSource Guestbook is prone to multiple security vulnerabilities
Continue reading "SSCHADV2012-017 - MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities"
Advisory:
|
PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities
|
Advisory ID: |
SSCHADV2012-013 |
Author: |
Stefan Schurtz |
Affected Software: |
Successfully tested on PHP Address Book 7.0.0 and 8.1.9.1 (latest version) |
Vendor URL: |
|
Vendor Status: |
informed
|
======================
Vulnerability Description
======================
PHP Address Book 7.0.0 and 8.1.9.1 are prone to multiple XSS and SQLi vulnerabilities
Continue reading "SSCHADV2012-013 - PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities"
Advisory:
|
Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
|
Advisory ID: |
KORAMIS-ADV2012-001 |
Contact: |
security@koramis.de |
Author: |
Stefan Schurtz |
Affected Software: |
Successfully tested on Serendipity 1.6 |
Vendor URL: |
|
Vendor Status: |
fixed
|
CVE-ID:
|
CVE-2012-2331, CVE-2012-2332
|
EDB-ID: |
18884 |
==========================
Vulnerability Description
==========================
The Serendipity backend is prone to a Cross-Site Scripting and SQL-Injection vulnerability
Continue reading "KORAMISADV2012-001 - Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability"
Advisory:
|
Baby Gekko v1.2.0 Multiple XSS vulnerabilities
|
Advisory ID: |
SSCHADV2012-012 |
Author: |
Stefan Schurtz |
Affected Software: |
Successfully tested on Baby Gekko v1.2.0 |
Vendor URL: |
http://www.babygekko.com/ |
Vendor Status: |
informed
|
======================
Vulnerability Description
======================
Baby Gekko v1.2.0 is prone to multiple Cross-Site scripting vulnerabilities
Continue reading "SSCHADV2012-012 - Baby Gekko v1.2.0 Multiple XSS vulnerabilities"