Security Advisories | Entries from July 2012

SSCHADV2012-002 - ATutor 2.0.3 Multiple XSS vulnerabilities

Posted by Stefan Schurtz on Sunday, July 29. 2012

Advisory:	ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID:	SSCHADV2012-002
Author:	Stefan Schurtz
Affected Software:	Successfully tested on ATutor 2.0.3
Vendor URL:	http://atutor.ca
Vendor Status:	fixed

======================
Vulnerability Description
======================

ATutor 2.0.3 is prone to multiple XSS vulnerabilities

Posted by Stefan Schurtz on Monday, July 16. 2012

Advisory:	WordPress Plugin ‘Count Per Day’ 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory ID:	SSCHADV2012-015
Author:	Stefan Schurtz
Affected Software:	Successfully tested on ‘Count Per Day’ 3.1.1
Vendor URL:	http://www.tomsdimension.de/wp-plugins/count-per-day
Vendor Status:	fixed
CVE-ID:	CVE-2012-3434

======================
Vulnerability Description
======================

The WordPress plugin ‘Count Per Day’ 3.1.1’ is prone to multiple XSS vulnerabilities

Posted by Stefan Schurtz on Friday, July 6. 2012

Advisory:	MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities
Advisory ID:	SSCHADV2012-017
Author:	Stefan Schurtz
Affected Software:	Successfully tested on MGB OpenSource Guestbook 0.6.9.1
Vendor URL:	http://www.m-gb.org
Vendor Status:	fixed

======================
Vulnerability Description
======================

The MGB OpenSource Guestbook is prone to multiple security vulnerabilities

Posted by Stefan Schurtz on Thursday, July 5. 2012

Advisory:	PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities
Advisory ID:	SSCHADV2012-013
Author:	Stefan Schurtz
Affected Software:	Successfully tested on PHP Address Book 7.0.0 and 8.1.9.1 (latest version)
Vendor URL:	http://sourceforge.net/projects/php-addressbook/
Vendor Status:	informed

======================
Vulnerability Description
======================

PHP Address Book 7.0.0 and 8.1.9.1 are prone to multiple XSS and SQLi vulnerabilities