
SSCHADV2012-002 - ATutor 2.0.3 Multiple XSS vulnerabilities

Advisory: ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-002
Author: Stefan Schurtz
Affected Software: Successfully tested on ATutor 2.0.3
Vendor URL:
Vendor Status: fixed
 
======================
Vulnerability Description
======================
 
ATutor 2.0.3 is prone to multiple XSS vulnerabilities
 

SSCHADV2012-015 - WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities

Advisory: WordPress Plugin ‘Count Per Day’ 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory ID: SSCHADV2012-015
Author: Stefan Schurtz
Affected Software: Successfully tested on ‘Count Per Day’ 3.1.1
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2012-3434
 
======================
Vulnerability Description
======================
 
The WordPress plugin ‘Count Per Day’ 3.1.1 is prone to multiple XSS vulnerabilities
 

Bypass 'preg_replace' XSS filter

// xss.php

<?php

// Read the untrusted 'xss' query parameter.
$message = $_GET['xss'];

// Blacklist filter: strips <script> tags and double-quoted on* event-handler attributes.
$message = preg_replace(
    '/<script[^\>]*>|<\/script>|(onabort|onblur|onchange|onclick|ondbclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onresize|onselect|onsubmit|onunload)\s*=\s*"[^"]+"/i',
    '',
    $message
);

// The filtered value is echoed back into the page.
echo $message;
?>
 

SSCHADV2012-017 - MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities

Advisory: MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-017
Author: Stefan Schurtz
Affected Software: Successfully tested on MGB OpenSource Guestbook 0.6.9.1
Vendor URL:
Vendor Status: fixed
 
======================
Vulnerability Description
======================
 
The MGB OpenSource Guestbook is prone to multiple security vulnerabilities
 

SSCHADV2012-013 - PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities

Advisory: PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-013
Author: Stefan Schurtz
Affected Software: Successfully tested on PHP Address Book 7.0.0 and 8.1.9.1 (latest version)
Vendor URL:
Vendor Status: informed
 
======================
Vulnerability Description
======================
 
PHP Address Book 7.0.0 and 8.1.9.1 are prone to multiple XSS and SQLi vulnerabilities
 