Source code security studying tool iCodeChecker vulnerable to cross-site scripting

Overview Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

The installer of SemiDynaEXE provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Overview The installer of SemiDynaEXE SemiDynaEXE2008.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution

i-HTTPD is a web server for Windows, implementing Server Side Includes SSI. i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files CWE-97. Impact An arbitrary command may be execute...

chillyCMS 1.3.0 - Multiple Vulnerabilities

No description provided by source. Exploit Title: chillyCMS 1.3.0 Multiple Vulnerabilities Google Dork: powered by chillyCMS Date: 15 February 2013 Exploit Author: Abhi M Balakrishnan Vendor Homepage: http://chillycms.bplaced.net/ Software Link:...

chillyCMS 1.3.0 Shell Upload / Access Bypass

Exploit Title: chillyCMS 1.3.0 Multiple Vulnerabilities Google Dork: "powered by chillyCMS" Date: 15 February 2013 Exploit Author: Abhi M Balakrishnan Vendor Homepage: http://chillycms.bplaced.net/ Software Link: http://chillycms.bplaced.net/chillyCMS/media/files/chillyCMSfull.zip Version: 1.3.0...

chillyCMS 1.3.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Vulnerability Failure to Restrict URL Access chillyCMS uses 302 redirects to restrict access to the unautorized pages. Exploit Step 1: Create a rule in No-Redirect Add-on: ^http://localhost/chillyCMS/ Step 2: Access...

ChillyCMS 1.3.0 - Multiple Vulnerabilities

ChillyCMS 1.3.0 - Multiple Vulnerabilities Exploit Title: chillyCMS 1.3.0 Multiple Vulnerabilities Google Dork: "powered by chillyCMS" Date: 15 February 2013 Exploit Author: Abhi M Balakrishnan Vendor Homepage: http://chillycms.bplaced.net/ Software Link:...