|
Advisory:
|
Multiple security vulnerabilities in AShop
|
|
Advisory ID:
|
INFOSERVE-ADV2011-02
|
|
Author:
|
Stefan Schurtz
|
|
Contact:
|
|
|
Affected Software:
|
Successfully tested on AShop513
|
|
|
|
|
Vendor Status:
|
fixed in Version 5.1.4
|
======================
Vulnerability Description:
======================
AShop is prone to multiple security vulnerabilities
Continue reading "INFOSERVE-ADV2011-02 - Multiple security vulnerabilities in AShop"
|
Advisory:
|
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
|
|
Advisory ID:
|
INFOSERVE-ADV2011-03
|
|
Author:
|
Stefan Schurtz
|
|
Contact:
|
|
|
Affected Software:
|
Successfully tested on Dolibarr 3.1.0 other versions may also be affected
|
|
|
|
|
Vendor Status:
|
fixed in the 3.1 branch
|
======================
Vulnerability Description:
======================
Dolibarr 3.1.0 is prone to multiple XSS vulnerability
Continue reading "INFOSERVE-ADV2011-03 - Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0"
|
Advisory:
|
osCSS2 "_ID" parameter Local file inclusion
|
|
Advisory ID:
|
SSCHADV2011-034
|
|
Author:
|
Stefan Schurtz
|
|
Affected Software:
|
Successfully tested on osCSS2 2.1.0 (latest version)
|
|
Vendor URL:
|
|
|
Vendor Status:
|
Fixed in svn branche 2.1.0 and reported in develop version 2.1.1
|
|
EDB-ID:
|
18099
|
======================
Vulnerability Description:
======================
osCSS2 2.1.0 "_ID" parameter is prone to a LFI vulnerability
Continue reading "SSCHADV2011-034 - osCSS2 "_ID" parameter Local file inclusion"
|
Advisory:
|
Serendipity Plugin ‘Karma Ranking’ Multiple Cross-Site Scripting vulnerabilities
|
|
Advisory ID:
|
SSCHADV2011-017
|
|
Author:
|
Stefan Schurtz
|
|
Affected Software:
|
Successfully tested on Serendipity 1.5.5 with Karma Ranking Plugin version 1.1
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed
|
|
CVE-ID:
|
-
|
======================
Vulnerability Description:
======================
Multiple parameters in the Karma Ranking plugin (Serendipity backend) are prone to a Cross-Site Scripting vulnerability
Continue reading "SSCHADV2011-017 - Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting vulnerabilities"
|
Advisory:
|
Serendipity ‘serendipity[filter][bp.ALT]’ Cross-Site Scripting vulnerability
|
|
Advisory ID:
|
SSCHADV2011-015
|
|
Author:
|
Stefan Schurtz
|
|
Affected Software:
|
Successfully tested on Serendipity 1.5.5
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed
|
|
CVE-ID:
|
-
|
======================
Vulnerability Description:
======================
The parameter "serendipity[filter][bp.ALT]" in Serendipity backend is prone to a Cross-Site Scripting vulnerability
Continue reading "SSCHADV2011-015 - Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability"
|
Advisory:
|
Metasploit 4.1.0 Web UI stored XSS vulnerability
|
|
Advisory ID:
|
SSCHADV2011-033
|
|
Author:
|
Stefan Schurtz
|
|
Affected Software:
|
Successfully tested on Metasploit 4.1.0
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed
|
|
EDB-ID:
|
18012
|
======================
Vulnerability Description:
======================
Metasploit Web UI "project[name]" parameter is prone to a XSS vulnerability
Continue reading "SSCHADV2011-033 - Metasploit 4.1.0 Web UI stored XSS vulnerability"