319 matches found

Exploit DB
added 2015/10/30 12:0 a.m., 44 views

Pligg CMS 2.0.2 - Multiple SQL Injections

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/2015 Releas...

7.4 AI score
Exploits: 0

0day.today
added 2015/09/18 12:0 a.m., 26 views

ZeusCart 4.0 - SQL Injection / CSRF Vulnerability

Exploit for php platform in category web applications ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: email protected Vulnerability Type: SQL Injection Remote...

7.1 AI score
Exploits: 0

exploitpack
added 2015/09/17 12:0 a.m., 18 views

ZeusCart 4.0 - SQL Injection

ZeusCart 4.0 - SQL Injection ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to...

0.1 AI score
Exploits: 0

Exploit DB
added 2015/09/17 12:0 a.m., 26 views

ZeusCart 4.0 - SQL Injection

ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed ...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/09/16 12:0 a.m., 25 views

ZeusCart 4.0 SQL Injection

ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed ...

0.1 AI score
Exploits: 0

Packet Storm
added 2015/09/14 12:0 a.m., 18 views

Monsta FTP 1.6.2 Cross Site Request Forgery / Cross Site Scripting

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MONSTAFTP-0911.txt Vendor: ================================ www.monstaftp.com Product: ================================ monstaftpv1.6.2 Monsta FTP is open source PHP/Ajax cloudware...

0.2 AI score
Exploits: 0

exploitpack
added 2015/09/11 12:0 a.m., 11 views

Monsta FTP 1.6.2 - Multiple Vulnerabilities

Monsta FTP 1.6.2 - Multiple Vulnerabilities Exploit Title: CSRF XSS Monsta FTP Google Dork: intitle: Monsta FTP CSRF / XSS Date: 2015-09-11 Exploit Author: hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.monstaftp.com Software Link: www.monstaftp.com Version: monstaftpv1.6.2 Test...

0.3 AI score
Exploits: 0

exploitpack
added 2015/08/18 12:0 a.m., 16 views

BigTree CMS 4.2.3 - (Authenticated) SQL Injection

BigTree CMS 4.2.3 - Authenticated SQL Injection BigTree CMS 4.2.3: Multiple SQL Injection Vulnerabilities Security Advisory – Curesec Research Team Online-Reference: http://blog.curesec.com/article/blog/BigTree-CMS-423-Multiple-SQL-Injection-Vulnerabilities-39.html 1. Introduction Affected Produc...

0.5 AI score
Exploits: 0

Exploit DB
added 2015/08/18 12:0 a.m., 26 views

BigTree CMS 4.2.3 - (Authenticated) SQL Injection

BigTree CMS 4.2.3: Multiple SQL Injection Vulnerabilities Security Advisory – Curesec Research Team Online-Reference: http://blog.curesec.com/article/blog/BigTree-CMS-423-Multiple-SQL-Injection-Vulnerabilities-39.html 1. Introduction Affected Product: BigTree CMS 4.2.3 Fixed in: 4.2.4 Fixed Versi...

7.4 AI score
Exploits: 0

0day.today
added 2015/08/09 12:0 a.m., 92 views

MSCorp CMS - SQL Injection Vulnerability

Exploit for php platform in category web applications ========================================================= + Title :- MSCorp CMS - SQL Injection Vulnerability + Date :- 7 - Aug - 2015 + Vendor Homepage :- http://www.mscorp.co.in/ + Version :- All Versions + Tested on :- Nginx/1.4.5,...

7.1 AI score
Exploits: 0

exploitpack
added 2015/07/13 12:0 a.m., 12 views

ZenPhoto 1.4.8 - Multiple Vulnerabilities

ZenPhoto 1.4.8 - Multiple Vulnerabilities Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version: 1.4.9 Risk: Medium Vendor Contacted: 2015-05-18 Vendor Fix: 2015-07-09...

0.5 AI score
Exploits: 0

Exploit DB
added 2015/07/13 12:0 a.m., 30 views

ZenPhoto 1.4.8 - Multiple Vulnerabilities

Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version: 1.4.9 Risk: Medium Vendor Contacted: 2015-05-18 Vendor Fix: 2015-07-09 Public Disclosure: 2015-07-10 SQL Injection...

7.4 AI score
Exploits: 0

0day.today
added 2015/07/11 12:0 a.m., 24 views

ZenPhoto 1.4.8 - Multiple Vulnerabilities

ZenPhoto version 1.4.8 suffers from cross site scripting, remote SQL injection, and path traversal vulnerabilities. Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version...

7.6 AI score
Exploits: 0

Exploit DB
added 2015/06/30 12:0 a.m., 18 views

Novius 5.0.1 - Multiple Vulnerabilities

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt Vendor: ======================= community.novius-os.org Product: =============================================================== novius-os.5.0.1-elche is a PHP...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/05/15 12:0 a.m., 27 views

WordPress Encrypted Contact Form 1.0.4 CSRF / XSS

Title: Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 Submitter: Nitin Venkatesh Product: Encrypted Contact Form Wordpress Plugin Product URL: https://wordpress.org/plugins/encrypted-contact-form/ Vulnerability Type: Cross-site Request Forgery...

0.3 AI score
Exploits: 0

CNVD
added 2015/02/28 12:0 a.m., 1 views

WordPress plugin WP Slimstat 'wp-admin/admin.php' cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their weblogs on servers that support PHP and MySQL databases. A cross-site scripting vulnerability exists in the WordPress plugin WP Slimstat 'wp-admin/admin.php', which can be exploited by an attacker ...

4.3 CVSS, 6.7 AI score, 0.02346 EPSS
Exploits: 1, References: 1

Hacker One
added 2015/01/27 5:53 p.m., 21 views

itBit Exchange: Stored xss in bank name withdraw

Open https://beta.itbit.com/accounts 2. Add new Bank Account with payload in name field - Bank of New York'"asdF 3. Save this account and 4. Select it as a target to withdraw As you can see in screenshot at this time there is some problem with javascript code some filtration affected but we...

6.9 AI score
Exploits: 0

Hacker One
added 2015/01/26 5:48 p.m., 72 views

Mobile Vikings: Stored XSS in Direct debit name

Make new or edit old Direct debit for example https://mobilevikings.be/en/account/easypay/correct-direct-debit-mandate/111366/ 2. Fill owners name with payload asdf'"alertdocument.cookie 3. Save form. We got Stored XSS in pages: https://mobilevikings.be/en/account/easypay/...

5.9 AI score
Exploits: 0

NVD
added 2015/01/13 3:59 p.m., 9 views

CVE-2014-10035

Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to commentspaginate.php or (2) storespaginate.php or the (3) affiliateurl, (4) description, (5) domain, (6)...

4.3 CVSS, 5.8 AI score, 0.03496 EPSS
Exploits: 1, References: 8

NVD
added 2015/01/13 3:59 p.m., 11 views

CVE-2014-10034

Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) commentspaginate.php or (b) storespaginate.php in admin/ajax/...

6.5 CVSS, 8.4 AI score, 0.01961 EPSS
Exploits: 1, References: 7