
7736 matches found

0day.today
added 2015/12/23 12:0 a.m., 21 views

Grawlix 1.0.3 - Cross-Site Request Forgery

Exploit for php platform in category web applications Security Advisory - Curesec Research Team 1. Introduction Affected Product: Grawlix 1.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.getgrawlix.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendo...

AI score: 7.1
Exploits: 0

0day.today
added 2015/12/23 12:0 a.m., 233 views

PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery

Exploit for php platform in category web applications Security Advisory - Curesec Research Team 1. Introduction Affected Product: PhpSocial v2.0.030420222226 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://phpsocial.net Vulnerability Type: CSRF Remote Exploitable: Yes Reported t...

AI score: 7.1
Exploits: 0

Packet Storm
added 2015/12/23 12:0 a.m., 48 views

PhpSocial 2.0.0304_20222226 Cross Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: PhpSocial v2.0.030420222226 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://phpsocial.net Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015...

AI score: 0.7
Exploits: 0

Exploit DB
added 2015/12/23 12:0 a.m., 28 views

Grawlix 1.0.3 - Cross-Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Grawlix 1.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.getgrawlix.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/17/2015 Disclosed to public: 12/21/2015 Release...

AI score: 7.4
Exploits: 0

myhack58
added 2015/12/18 12:0 a.m., 23 views

Joomla high-risk vulnerability scanning event analysis-vulnerability warning-the black bar safety net

Summary 1 2 on 1 4 May, the Joomla official website emergency issued a due to the security vulnerability to cause a version update 3.4.6, according to security company sucuri released information, this scan time is to use the Joomla deserialization characteristics of the problem causes the...

AI score: 0.3
Exploits: 0

0day.today
added 2015/12/11 12:0 a.m., 34 views

WordPress S3 Video Remote Shell Upload Vulnerability

WordPress S3 Video plugin suffers from a remote shell upload vulnerability. Versions prior to 0.91 are affected. Exploit Title : Wordpress S3 Video Plugin file upload Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://plugins.svn.wordpress.org/s3-video/tags/0.91/ Affected Version:...

AI score: 7.1
Exploits: 0

Packet Storm
added 2015/12/10 12:0 a.m., 31 views

redaxscript 2.5.0 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: redaxscript 2.5.0 Fixed in: 2.6.1 Fixed Version Link: http://redaxscript.com/files/releases/ redaxscript2.6.1full.zip Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor:...

AI score: 7.4
Exploits: 0

Packet Storm
added 2015/12/09 12:0 a.m., 36 views

4images 1.7.11 SQL Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: 4images 1.7.11 Fixed in: 1.7.12 Fixed Version Link: http://www.4homepages.de/download-4images Vendor Website: http://www.4homepages.de/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor:...

Exploits: 0

Openbugbounty
added 2015/12/04 10:20 p.m., 10 views

blog.sli.do XSS vulnerability

Vulnerable URL: http://blog.sli.do/?s=999%22%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.02.2016 Latest check for patch:| 26.02.2016 23:31 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / No...

AI score: 6.3
Exploits: 0

Kitploit
added 2015/12/02 10:41 p.m., 24 views

Katana - Framework for Hackers, Professional Security and Developers

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not...

AI score: 7.8
Exploits: 0
References: 12

CISA
added 2015/11/24 12:0 a.m., 12 views

Dell Computers Contain CA Root Certificate Vulnerability

Dell personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser traffic (HTTPS), impersonate (spoof) any website, or perform other attacks...

AI score: 6.5
Exploits: 0
References: 2

Hacker One
added 2015/11/19 7:43 p.m., 18 views

Pornhub: Cross Site Scripting - On Mouse Over, Blog page

The researcher identified that the following URL for the Pornhub user was vulnerable to reflected/semi-stored cross site scripting, which enabled the researcher to craft a URL that pops an alert box upon mousing over the language selection at bottom of page. The affected url can be seen below:...

AI score: 6.6
Exploits: 0

Packet Storm
added 2015/11/16 12:0 a.m., 35 views

XCart 5.2.6 Path Traversal

Security Advisory - Curesec Research Team 1. Introduction Affected Product: XCart 5.2.6 Fixed in: 5.2.7 Fixed Version Link: https://www.x-cart.com/xc5kit Vendor Contact: [email protected] Vulnerability Type: Path Traversal Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to publi...

Exploits: 0

Packet Storm
added 2015/11/16 12:0 a.m., 29 views

ClipperCMS 1.3.0 Shell Upload

Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.clippercms.com/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public:...

AI score: 7.4
Exploits: 0

Packet Storm
added 2015/11/16 12:0 a.m., 27 views

TomatoCart 1.1.8.6.1 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: TomatoCart v1.1.8.6.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Relea...

Exploits: 0

Packet Storm
added 2015/11/16 12:0 a.m., 22 views

XCart 5.2.6 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: XCart 5.2.6 Fixed in: 5.2.7 Fixed Version Link: https://www.x-cart.com/xc5kit Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public: 11/04/20...

Exploits: 0

Packet Storm
added 2015/11/16 12:0 a.m., 25 views

Thelia 2.2.1 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Thelia 2.2.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Release mode: Full...

AI score: 0.3
Exploits: 0

Openbugbounty
added 2015/11/15 10:17 p.m., 9 views

over-blog.com XSS vulnerability

Vulnerable URL: https://www.over-blog.com/search/%22%3Cvideo%3E%3Csource%20onerror%3d%22javascript:alert%28'XSSPOSED'%29%22%3E Details: Description| Value ---|--- Patched:| Yes, at 06.12.2015 Latest check for patch:| 06.12.2015 23:31 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

AI score: 6.3
Exploits: 0

Packet Storm
added 2015/11/07 12:0 a.m., 23 views

CubeCart 6.0.7 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: CubeCart 6.0.7 Fixed in: 6.0.8 Fixed Version Link: https://www.cubecart.com/thank-you/CubeCart-6.0.8.zip Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015...

AI score: 7.4
Exploits: 0

Packet Storm
added 2015/11/06 12:0 a.m., 20 views

MiniBB 3.1.1 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: MiniBB 3.1.1 Fixed in: 3.2 Fixed Version Link: http://www.minibb.com/download.php?file=minibb Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to...

AI score: 7.4
Exploits: 0