Advisory: Metasploit 4.1.0 Web UI stored XSS vulnerability
Advisory ID: SSCHADV2011-033
Author: Stefan Schurtz
Affected Software: Successfully tested on Metasploit 4.1.0
Vendor URL:
Vendor Status: fixed
EDB-ID: 18012

======================
Vulnerability Description:
======================
The Metasploit Web UI "project[name]" parameter is prone to an XSS vulnerability

Advisory: Piwik 1.6 Full Path Disclosure
Advisory ID: SSCHADV2011-032
Author: Stefan Schurtz
Affected Software: Successfully tested on Piwik 1.6
Vendor URL:
Vendor Status: informed but no fix available
CVE-ID: -

======================
Vulnerability Description:
======================
Piwik 1.6 is prone to a Full Path Disclosure vulnerability

Advisory: Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities
Advisory ID: SSCHADV2011-031
Author: Stefan Schurtz
Affected Software: Successfully tested on Yet Another CMS 1.0
Vendor URL:
Vendor Status: informed
EDB-ID: 17997

======================
Vulnerability Description:
======================
Yet Another CMS 1.0 is prone to multiple SQL Injection and XSS vulnerabilities

Advisory: SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities
Advisory ID: SSCHADV2011-024
Author: Stefan Schurtz
Affected Software: Successfully tested on SilverStripe 2.4.5
Vendor URL:
Vendor Status: fixed
CVE-ID: -

======================
Vulnerability Description:
======================
SilverStripe 2.4.5 backend is prone to multiple Cross-site scripting vulnerabilities

Advisory: Site@School 2.4.10 SQL Injection & XSS vulnerabilities
Advisory ID: SSCHADV2011-030
Author: Stefan Schurtz
Affected Software: Successfully tested on Site@School 2.4.10
Vendor URL:
Vendor Status: insecure and no longer maintained
CVE-ID: -

======================
Vulnerability Description:
======================
Site@School is prone to multiple SQL Injection and XSS vulnerabilities

Advisory: PHP Booking Calendar Multiple Cross-Site Scripting Vulnerabilities
Advisory ID: SSCHADV2011-029
Author: Stefan Schurtz
Affected Software: Successfully tested on PHP Booking Calendar 10e
Vendor URL:
Vendor Status: informed
CVE-ID: -

======================
Vulnerability Description:
======================
PHP Booking Calendar is prone to multiple Cross-Site Scripting vulnerabilities