darksecurity.de | Entries from May 2012

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

KORAMISADV2012-001 - Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability

Posted by Stefan Schurtz on Tuesday, May 8. 2012

Advisory:	Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
Advisory ID:	KORAMIS-ADV2012-001
Contact:	security@koramis.de
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Serendipity 1.6
Vendor URL:	http://www.s9y.org
Vendor Status:	fixed
CVE-ID:	CVE-2012-2331, CVE-2012-2332
EDB-ID:	18884

==========================
Vulnerability Description
==========================

The Serendipity backend is prone to a Cross-Site Scripting and SQL-Injection vulnerability

Continue reading "KORAMISADV2012-001 - Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability"

SSCHADV2012-012 - Baby Gekko v1.2.0 Multiple XSS vulnerabilities

Posted by Stefan Schurtz on Sunday, May 6. 2012

Advisory:	Baby Gekko v1.2.0 Multiple XSS vulnerabilities
Advisory ID:	SSCHADV2012-012
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Baby Gekko v1.2.0
Vendor URL:	http://www.babygekko.com/
Vendor Status:	informed