Advisory: www.datingcafe.de – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2012-027
Author: Stefan Schurtz
Affected Software: Successfully tested on www.datingcafe.de
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
http://www.datingcafe.de is prone to a Cross-site Scripting vulnerability
I totally forgot to publish my Security Advisory about some Cross-Site Request Forgery & Cross-site Scripting vulnerabilities on http://t-online.de. So I published it today.
And here is the link to the advisory SSCHADV2012-099 and here are some pictures about the XSS by html file (1, 2), txt file (1, 2, 3) and two videos about the CSRF vulnerabilities :)
Advisory: t-online.de eMail Center – Cross-Site Request Forgery & XSS vulnerabilities
Advisory ID: SSCHADV2012-099
Author: Stefan Schurtz
Affected Software: Successfully tested on email.t-online.de
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
http://email.t-online.de is prone to multiple CSRF and XSS vulnerabilities
Advisory: www.elitepartner.de – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2012-024
Author: Stefan Schurtz
Affected Software: Successfully tested on www.elitepartner.de
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
http://www.elitepartner.de is prone to a XSS vulnerability
Advisory: heise.de – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-002
Author: Stefan Schurtz
Affected Software: Successfully tested on heise.de
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
http://www.heise.de is prone to a XSS vulnerability
Advisory: Websitebaker Add-on ‘Concert Calendar 2.1.4’ XSS & SQLi vulnerability
Advisory ID: SSCHADV2013-001
Author: Stefan Schurtz
Affected Software: Successfully tested on Concert Calendar 2.1.4
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
Websitebaker Add-on ‘Concert Calendar 2.1.4’ is prone to a XSS and SQLi vulnerability