174 matches found
appRain 4.0.3 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: appRain 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 12/02/2015 Release mode: Full...
appRain 4.0.3 Cross Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: appRain 4.0.3 Fixed in: Fixed via Optional Module CSRF Protection Module http://www.apprain.com/extension/20/accounting-system?s Link: =Description Vendor Website: [email protected] Vulnerability Type: CSRF Remote...
redaxscript 2.5.0 Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: redaxscript 2.5.0 Fixed in: module has been removed in version 2.6.0 Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 10/02/2015...
redaxscript 2.5.0 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: redaxscript 2.5.0 Fixed in: 2.6.1 Fixed Version Link: http://redaxscript.com/files/releases/ redaxscript2.6.1full.zip Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor:...
appRain 4.0.3 Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: appRain 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 12/02/2015 Release...
CodoForum 3.4 Cross Site Scripting Vulnerability
CodoForum version 3.4 suffers from a cross site scripting vulnerability. CodoForum 3.4 Cross Site Scripting Vulnerability 1. Introduction Affected Product: CodoForum 3.4 Fixed in: not fixed Release mode: Full Disclosure CVE: Requested, but not assigned Credits Tim Coen of Curesec GmbH 2...
appRain 4.0.3 Path Traversal
Security Advisory - Curesec Research Team 1. Introduction Affected Product: appRain 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: [email protected] Vulnerability Type: Path Traversal Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 12/02/2015 Release...
phpwcms 1.7.9 Cross Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: phpwcms 1.7.9 Fixed in: 1.8.0 RC1 Fixed Version https://github.com/slackero/phpwcms/archive/ Link: phpwcms-1.8.0-RC1.zip Vendor Website: http://www.phpwcms.de/ Vulnerability CSRF Type: Remote Yes Exploitable: Reported to...
4images 1.7.12 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: 4images 1.7.12 Fixed in: 1.7.13 update Fixed Version Link: http://www.4homepages.de/download-4images Vendor Website: http://www.4homepages.de/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/29/2015...
CodoForum 3.4 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: CodoForum 3.4 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 12/02/2015 Release mode: Fu...
4images 1.7.11 SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: 4images 1.7.11 Fixed in: 1.7.12 Fixed Version Link: http://www.4homepages.de/download-4images Vendor Website: http://www.4homepages.de/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor:...
Geeklog 2.1.0 Command Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Geeklog 2.1.0 Fixed in: 2.1.1b3 Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156 Vendor Contact: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to...
4images 1.7.11 Path Traversal
Security Advisory - Curesec Research Team 1. Introduction Affected Product: 4images 1.7.11 Fixed in: 1.7.12 Fixed Version Link: http://www.4homepages.de/download-4images Vendor Website: http://www.4homepages.de/ Vulnerability Type: Path Traversal Remote Exploitable: Yes Reported to vendor:...
4images 1.7.11 Code Execution
!/usr/local/bin/python Exploit for 4images 1.7.11 Code Execution vulnerability An admin account is required to use this exploit Curesec GmbH import sys import re import argparse import requests requires requests lib parser = argparse.ArgumentParser parser.addargument"url", help="base url to...
Geeklog 2.1.0 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Geeklog 2.1.0 Fixed in: 2.1.1b3 Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156 Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor:...
Geeklog 2.1.0 Command Injection
!/usr/local/bin/python Exploit for geeklog-2.1.0 OS Command Injection vulnerability An admin account is required to use this exploit Curesec GmbH import sys import re import argparse import requests requires requests lib parser = argparse.ArgumentParser parser.addargument"url", help="base url to...
4images 1.7.11 Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: 4images 1.7.11 Fixed in: 1.7.12 Fixed Version Link: http://www.4homepages.de/download-4images Vendor Website: http://www.4homepages.de/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor:...
LiteCart 1.3.2 Cross Site Scripting Vulnerability
LiteCart version 1.3.2 suffers from a cross site scripting vulnerability. 1. Introduction Affected Product: LiteCart 1.3.2 Fixed in: 1.3.3 Fixed Version Link: https://www.litecart.net/downloading?version=1.3.3.1 Vendor Contact: email protected Vulnerability Type: XSS Remote Exploitable: Yes...
AlegroCart 1.2.8 - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL Injection Remote Exploitable: Y...
LiteCart 1.3.2 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LiteCart 1.3.2 Fixed in: 1.3.3 Fixed Version Link: https://www.litecart.net/downloading?version=1.3.3.1 Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/20...