Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities

Advisory:
Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID:
SSCHADV2014-001
Author:
Stefan Schurtz
Affected Software:
Successfully tested on WP-Members Version 2.8.9
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The Wordpress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities
 
Continue reading "SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities"

[Video] - SSCHADV2013-009 - store.apple.com - DOM based Cross-site Scripting vulnerability

 
 
And here is a link to the video on youtube: http://youtu.be/qlTZD3ri_wU
 
Enjoy yourself!

SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga

Advisory: Cross-Site Scripting vulnerability in Icinga
Advisory ID: SSCHADV2011-003
Author: Stefan Schurtz
Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.2.1
Vendor URL: http://www.icinga.org
Vendor Status:
statusmap.cgi: fixed XSS vulnerability #1281
Target version set to 1.4
OSVDB-ID: 71052
 
======================
Vulnerability Description:
======================

This is a Cross-Site Scripting vulnerability

JavaScript can be included in style sheets by using "expression()" (IE only)

==============
Technical Details:
==============
Continue reading "SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga"

SSCHADV2011-002 - Cross-Site Scripting vulnerability in Nagios

 
Advisory:  Cross-Site Scripting vulnerability in Nagios
Advisory ID:  SSCHADV2011-002
Author:  Stefan Schurtz
Affected Software: Successfully tested on: nagios-3.2.0 / nagios-3.2.3
Vendor URL: http://www.nagios.org
Vendor Status: fixed
CVE-ID: 2011-1523
OSVDB-ID: 71059
 
======================
Vulnerability Description:
======================
 
This is a Cross-Site Scripting vulnerability
 
JavaScript can be included in style sheets by using "expression()" (IE only)
 
==============
Technical Details:
==============
 

 

Continue reading "SSCHADV2011-002 - Cross-Site Scripting vulnerability in Nagios"

SSCHADV2011-001 - Cross-Site Scripting vulnerabilities in Icinga

            
Advisory: 
Cross-Site Scripting vulnerabilities in Icinga
Advisory ID: 
SSCHADV2011-001
Author: 
Stefan Schurtz
Affected Software: Successfully tested on icinga-1.3.0 / icinga-1.2.1
Vendor URL: http://www.icinga.org
Vendor Status:
fixed csv export link to make it XSS save (IE) #1275
OSVDB-ID: 71050

======================
Vulnerability Description:
======================

This is Cross-Site Scripting vulnerability

==============
Technical Details:
==============
 
Continue reading "SSCHADV2011-001 - Cross-Site Scripting vulnerabilities in Icinga"
Imprint | Contact | Privacy Statement

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170