Advisory: ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-002
Author: Stefan Schurtz
Affected Software: Successfully tested on ATutor 2.0.3
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
ATutor 2.0.3 is prone to multiple XSS vulnerabilities
Advisory: WordPress Plugin ‘Count Per Day’ 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory ID: SSCHADV2012-015
Author: Stefan Schurtz
Affected Software: Successfully tested on ‘Count Per Day’ 3.1.1
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2012-3434
======================
Vulnerability Description
======================
The WordPress plugin ‘Count Per Day’ 3.1.1 is prone to multiple XSS vulnerabilities
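<?php
// Deliberately weak blacklist filter applied to user input before it is echoed.
$message = $_GET['xss'];
// Strip <script> tags and double-quoted inline event-handler attributes.
$message = preg_replace(
    '/<script[^\>]*>|<\/script>|(onabort|onblur|onchange|onclick|ondbclick|onerror|onfocus|onkeydown|onkeypress|'
    . 'onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|'
    . 'onreset|onresize|onselect|onsubmit|onunload)\s*=\s*"[^"]+"/i',
    '',
    $message
);

echo $message;
?>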
Continue reading "Bypass 'preg_replace' XSS filter"
Advisory: MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-017
Author: Stefan Schurtz
Affected Software: Successfully tested on MGB OpenSource Guestbook 0.6.9.1
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The MGB OpenSource Guestbook is prone to multiple security vulnerabilities
Advisory: PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-013
Author: Stefan Schurtz
Affected Software: Successfully tested on PHP Address Book 7.0.0 and 8.1.9.1 (latest version)
Vendor URL:
Vendor Status: informed
======================
Vulnerability Description
======================
PHP Address Book 7.0.0 and 8.1.9.1 are prone to multiple XSS and SQLi vulnerabilities