darksecurity.de

SSCHADV2012-014 - Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities

Posted by Stefan Schurtz on Tuesday, September 18. 2012

Advisory:	Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
Advisory ID:	SSCHADV2012-014
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Joomla 2.5.6
Vendor URL:	http://www.joomla.org/
Vendor Status:	fixed

======================
Vulnerability Description
======================

With activated "Module Language Switcher – position-4" (Extensions -> Modules -> Module Manager: Module Language Switcher), multiple XSS are possible.

Continue reading "SSCHADV2012-014 - Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities"

SSCHADV2012-019 - Admidio 2.3.5 Multiple security vulnerabilities

Posted by Stefan Schurtz on Saturday, September 1. 2012

Advisory:	Admidio 2.3.5 Multiple security vulnerabilities
Advisory ID:	SSCHADV2012-019
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Admidio 2.3.5
Vendor URL:	http://www.admidio.org/
Vendor Status:	fixed
CVE-ID:	CVE-2012-4748, CVE-2012-4749

======================
Vulnerability Description
======================

Admidio 2.3.5 is prone to XSS and SQLi vulnerabilities

Continue reading "SSCHADV2012-019 - Admidio 2.3.5 Multiple security vulnerabilities"

SSCHADV2012-020 - PHPExcel 1.7.7 Cross-Site Scripting vulnerability

Posted by Stefan Schurtz on Friday, August 24. 2012

Advisory:	PHPExcel 1.7.7 Cross-Site Scripting vulnerability
Advisory ID:	SSCHADV2012-020
Author:	Stefan Schurtz
Affected Software:	Successfully tested on PHPExcel 1.7.7
Vendor URL:	http://phpexcel.codeplex.com/
Vendor Status:	informed

======================
Vulnerability Description
======================

PHPExcel 1.7.7 is prone to a Cross-Site Scripting vulnerability

Continue reading "SSCHADV2012-020 - PHPExcel 1.7.7 Cross-Site Scripting vulnerability"

SSCHADV2012-018 - SaltOS 3.1 Cross-Site Scripting vulnerability

Posted by Stefan Schurtz on Saturday, August 18. 2012

Advisory:	SaltOS 3.1 Cross-Site Scripting vulnerability
Advisory ID:	SSCHADV2012-018
Author:	Stefan Schurtz
Affected Software:	Successfully tested on SaltOS 3.1 r4908
Vendor URL:	http://www.saltos.net
Vendor Status:	fixed

======================
Vulnerability Description
======================

SaltOS 3.1 is prone to a Cross-Site Scripting vulnerability, because of using PHPExcel 1.7.7 (latest version)

Continue reading "SSCHADV2012-018 - SaltOS 3.1 Cross-Site Scripting vulnerability"

SSCHADV2012-016 - WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple XSS vulnerabilities

Posted by Stefan Schurtz on Friday, August 10. 2012

Advisory:	WordPress Plugin ‘Quick Post Widget’ 1.9.1 Multiple XSS vulnerabilities
Advisory ID:	SSCHADV2012-016
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Quick Post Widget 1.9.1
Vendor URL:	http://qpw.famvanakkeren.nl/
Vendor Status:	informed
CVE-ID:	CVE-2012-4226

======================
Vulnerability Description
======================

The WordPress plugin Quick Post Widget 1.9.1 is prone to multiple XSS vulnerabilities

Continue reading "SSCHADV2012-016 - WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple XSS vulnerabilities"

SSCHADV2012-002 - ATutor 2.0.3 Multiple XSS vulnerabilities

Posted by Stefan Schurtz on Sunday, July 29. 2012

Advisory:	ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID:	SSCHADV2012-002
Author:	Stefan Schurtz
Affected Software:	Successfully tested on ATutor 2.0.3
Vendor URL:	http://atutor.ca
Vendor Status:	fixed

======================
Vulnerability Description
======================

ATutor 2.0.3 is prone to multiple XSS vulnerabilities

Continue reading "SSCHADV2012-002 - ATutor 2.0.3 Multiple XSS vulnerabilities"

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	May '24
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31