darksecurity.de | darksecurity.de

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

Advisories

Advisories/Vulnerability Information

Advisories

-= Cross-site Scripting =-

SSCHADV2011-001 - Cross-Site Scripting vulnerabilities in Icinga

SSCHADV2011-002 - Cross-Site Scripting vulnerability in Nagios

SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga

SSCHADV2011-004 - Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag"

SSCHADV2011-005 - Cross-Site Scripting vulnerability in Icinga

SSCHADV2011-006 - Cross-Site Scripting vulnerability in Nagios

SSCHADV2011-007 - Multiple Cross-Site Scripting vulnerabilities in BLOGCMS

SSCHADV2011-008 - Multiple Cross-Site Scripting vulnerabilities in WebCalendar

SSCHADV2011-009 - Multiple XSS vulnerabilities on www.netto-travel.de

SSCHADV2011-011 - XSS vulnerability in FortiMail Messaging Security Appliance

SSCHADV2011-013 - Multiple XSS vulnerabilities in LightNEasy

SSCHADV2011-014 - Multiple XSS vulnerabilities in Papoo Light Version

SSCHADV2011-015 - Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability

SSCHADV2011-016 - Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability

SSCHADV2011-017 - Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting vulnerabilities

SSCHADV2011-020 - Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability

SSCHADV2011-021 - Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities

SSCHADV2011-022 - phpFK 7.2.5 Multiple Cross-site Scripting Vulnerabilities

SSCHADV2011-023 - Phorum 5.2.18 Cross-site scripting vulnerability

SSCHADV2011-024 - SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities

SSCHADV2011-025 - Contao 2.10.1 Cross-site scripting vulnerability

SSCHADV2011-028 - FreeSMS (Free Student Management System) Multiple Cross-site Scripting Vulnerabilities

SSCHADV2011-029 - PHP Booking Calendar Multiple Cross-Site Scripting Vulnerabilities

SSCHADV2011-033 - Metasploit 4.1.0 Web UI "project[name]" XSS vulnerability

SSCHADV2011-035 - PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability

SSCHADV2011-037 - Achievo 1.4.5 Multiple XSS vulnerabilities

SSCHADV2011-038 - Ariadne 2.7.6 Multiple XSS vulnerabilitie

SSCHADV2011-041 - phpVideoPro Multiple XSS vulnerabilities

SSCHADV2011-042 - Beehive Forum 101 Multiple XSS vulnerabilities

SSCHADV2012-001 - BoltWire 3.4.16 Multiple XSS vulnerabilities
SSCHADV2012-002 - ATutor 2.0.3 Multiple XSS vulnerabilities
SSCHADV2012-003 - WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
SSCHADV2012-004 - ContentLion Alpha 1.3 XSS vulnerability
SSCHADV2012-006 - WikyBlog 1.7.3RC2 XSS vulnerability
SSCHADV2012-008 - CMSimple_XH 1.5.2 Cross-site Scripting vulnerability
SSCHADV2012-010 - WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability
SSCHADV2012-012 - Baby Gekko v1.2.0 Multiple XSS vulnerabilities
SSCHADV2012-014 - Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
SSCHADV2012-015 - WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities
SSCHADV2012-016 - WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities
SSCHADV2012-018 - SaltOS 3.1 Cross-Site Scripting vulnerability
SSCHADV2012-020 - PHPExcel 1.7.7 Cross-Site Scripting vulnerability
SSCHADV2012-021 - Zen cart v1.5.0 & v1.51 Cross-Site Scripting vulnerability
SSCHADV2012-022 - Piwigo 2.4.3 Cross-Site Scripting vulnerability
SSCHADV2012-023 - Hero Framework 3.76 Multiple Cross-site Scripting vulnerabilities
SSCHADV2012-024 - www.elitepartner.de - Cross-site Scripting vulnerability
SSCHADV2012-027 - www.datingcafe.de - Cross-site Scripting vulnerability

INFOSERVE-ADV2011-01 - Tiki Wiki CMS Groupware Multiple XSS vulnerabilities

INFOSERVE-ADV2011-03 - Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0

INFOSERVE-ADV2011-04 - Multiple Cross-Site-Scripting vulnerabilities in x3cms

INFOSERVE-ADV2011-07 - Tiki Wiki CMS Groupware Stored Cross-Site-Scripting

INFOSERVE-ADV2011-11 - VertrigoServ 2.25 Cross-Site-Scripting vulnerability

INFOSERVE-ADV2011-12 - SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities

-= SQL Injection =-

SSCHADV2011-019 - openEngine 2.0 'id' Blind SQL Injection vulnerability

SSCHADV2011-026 - openEngine 2.0 'key' Blind SQL Injection vulnerability

SSCHADV2011-039 - Meditate Web Content Editor 'username_input' SQL-Injection vulnerability

INFOSERVE-ADV2011-06 - Seotoaster SQL-Injection Admin Login Bypass

INFOSERVE-ADV2011-08 - PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability

-= Full Path Disclosure =-

SSCHADV2011-032 - Piwik 1.6 Full Path Disclosure

-= Local File Inclusion =-

SSCHADV2011-034 - osCSS2 "_ID" parameter Local file inclusion

-= Buffer Overflow =-

SSCHADV2011-040 - Nagios Plugin 'check_ups' Local Buffer Overflow

-= Multiple vulnerabilities =-

SSCHADV2011-010 - Multiple vulnerabilities on www.salue.de

SSCHADV2011-012 - Multiple vulnerabilities in Zimplit CMS

SSCHADV2011-018 - AdaptCMS 2.0.1 Multiple Security vulnerabilities

SSCHADV2011-027 - KaiBB 2.0.1 XSS and SQL Injection vulnerabilities

SSCHADV2011-030 - Site@School 2.4.10 SQL Injection & XSS vulnerabilities

SSCHADV2011-031 - Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities

INFOSERVE-ADV2011-02 - Multiple security vulnerabilities in AShop

SSCHADV2012-005 - Wikidforum 2.10 Multiple security vulnerabilities
SSCHADV2012-007 - PHP Address Book 6.2.12 Multiple security vulnerabilities

SSCHADV2012-009 - Star Wars Old Republic - SWTOR Char DB 1.8b Multiple security vulnerabilities
SSCHADV2012-013 - PHP Address Book 7.0.0 Multiple security vulnerabilities
SSCHADV2012-017 - MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities
SSCHADV2012-019 - Admidio 2.3.5 Multiple security vulnerabilities
SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerability

KORAMIS-ADV2012-001 - Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
KORAMIS-ADV2012-002 - Alienvault OSSIM Open Source SIEM 3.1 Multiple security vulnerabilities

-= Directory Traversal =-

INFOSERVE-ADV2011-09 - zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal

-= DoS =-

SSCHADV2012-011 - KnFTPd 1.0.0 'FEAT' DoS vulnerability

Vulnerabilities found by me

in 2013

Vulnerability References

http://osvdb.org/creditees/6342-stefan-schurtz

http://packetstormsecurity.org/files/author/8812/

http://www.exploit-db.com/author/?a=3427

Sidebar

Calendar

Werbung

Exploit-DB updates by Offensive Security

[webapps] Flowise 1.6.5 - Authentication Bypass

Sunday, April 21. 2024

[webapps] Laravel Framework 11 - Credential Leakage

Sunday, April 21. 2024

[webapps] SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)

Sunday, April 21. 2024

[webapps] Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution

Sunday, April 21. 2024

[webapps] FlatPress v1.3 - Remote Command Execution

Sunday, April 21. 2024

OpenBSD Journal

Game of Trees 0.98 released

Wednesday, April 24. 2024

pfctl(8) and systat(8) to display fragment reassembly statistics

Tuesday, April 23. 2024

Coming soon to a -current system near you: parallel raw IP input

Thursday, April 18. 2024

In -current, default write format for tar(1) changed to "pax"

Wednesday, April 17. 2024

OpenSMTPD 7.5.0p0 Released

Wednesday, April 10. 2024

20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09)

Tuesday, April 9. 2024

OpenBSD 7.5 released

Friday, April 5. 2024

LibreSSL 3.8.4 and 3.9.1 released

Thursday, March 28. 2024

OpenSSH 9.7/9.7p1 released!

Tuesday, March 12. 2024

Archives

Blog Administration

Open login screen

Imprint | Contact | Privacy Statement

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170