9459 matches found

Packet Storm
added 2015/09/16 12:0 a.m., 25 views

ZeusCart 4.0 SQL Injection

ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed ...

0.1 AI score
Exploits: 0

Packet Storm
added 2015/09/16 12:0 a.m., 29 views

ZeusCart 4.0 Code Execution

ZeusCart 4.0: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclose...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/09/16 12:0 a.m., 19 views

ZeusCart 4.0 Cross Site Request Forgery

ZeusCart 4.0: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public:...

0.5 AI score
Exploits: 0

Packet Storm
added 2015/09/16 12:0 a.m., 18 views

ZeusCart 4.0 Cross Site Scripting

ZeusCart 4.0: XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public: 09/14/201...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/09/16 12:0 a.m., 22 views

Zen Cart 1.5.4 Code Execution / Information Disclosure

Zen Cart 1.5.4: Code Execution and Information Leak Security Advisory – Curesec Research Team 1. Introduction Affected Product: Zen Cart 1.5.4 Fixed in: partial fix via patch Partial Patch Link: https://www.zen-cart.com/showthread.php?218239-curesec-security-report-Patch-Included Vendor Contact:...

7.4 AI score
Exploits: 0

Exploit DB
added 2015/09/15 12:0 a.m., 70 views

Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)

Source: https://code.google.com/p/google-security-research/issues/detail?id=461 Windows: NtUserGetClipboardAccessToken Token Leak Redux Platform: Windows 8.1 Update, Windows 10 Build 10130 Class: Security Bypass/EoP Summary: The NtUserGetClipboardAccessToken win32k system call exposes the access...

7.2 CVSS, 6.9 AI score, 0.0168 EPSS
Exploits: 2

Vulnerability Lab
added 2015/09/11 12:0 a.m., 37 views

Magento Bug Bounty #19 - Persistent Filename Vulnerability

Document Title: Magento Bug Bounty 19 - Persistent Filename Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1570 ID: APPSEC-1059 Release Date: 2015-09-11 Vulnerability Laboratory ID VL-ID:...

7.1 AI score
Exploits: 0

OpenVAS
added 2015/09/08 12:0 a.m., 32 views

Amazon Linux: Security Advisory (ALAS-2012-89)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 8.2 AI score, 0.05724 EPSS
Exploits: 0, References: 2

Vulnerability Lab
added 2015/09/04 12:0 a.m., 25 views

Virtual Freer v1.57 - Authentication Bypass Vulnerability

Document Title: Virtual Freer v1.57 - Authentication Bypass Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: 2015-09-04 Vulnerability Laboratory ID VL-ID: ...

7.1 AI score
Exploits: 0

Packet Storm
added 2015/09/01 12:0 a.m., 33 views

Serendipity 2.0.1 Cross Site Scripting

Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/09/01 12:0 a.m., 25 views

Serendipity 2.0.1 Shell Upload

Serendipity 2.0.1: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/09/01 12:0 a.m., 22 views

Serendipity 2.0.1 Blind SQL Injection

Serendipity 2.0.1: Blind SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected]...

Exploits: 0

WPVulnDB
added 2015/08/31 12:0 a.m., 7 views

Thumbnail Carousel Slider < 1.0.1 - Authenticated Shell Upload & CSRF

The original advisory states that this vulnerability is exploitable with editor and author roles but this is incorrect. Only the administrator role by default can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor. PoC Create a file name...

7.3 AI score
Exploits: 0, References: 1, Affected Software: 1

ArchLinux
added 2015/08/28 12:0 a.m., 49 views

firefox: multiple issues

CVE-2015-4497 use-after-free when resizing canvas element during restyling: Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a canvas element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references...

10 CVSS, 0.6 AI score, 0.08007 EPSS
Exploits: 0, References: 4

Packet Storm
added 2015/08/27 12:0 a.m., 48 views

WordPress Navis DocumentCloud 0.1 Cross Site Scripting

Details: Software: Navis DocumentCloud Version: 0.1 Homepage: https://wordpress.org/plugins/navis-documentcloud/ Advisory report: https://security.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ CVE: CVE-2015-2807 CVSS: 6.4 Medium;...

4.3 CVSS, 0.1 AI score, 0.07328 EPSS
Exploits: 3

Vulnerability Lab
added 2015/08/25 12:0 a.m., 18 views

PayPal Notify - Cross Site Request Forgery Vulnerability

Document Title: PayPal Notify - Cross Site Request Forgery Vulnerability References: http://www.vulnerability-lab.com/getcontent.php?id=1584 Video: https://www.youtube.com/watch?v=1NO4I28J-0s Release Date: 2015-08-25 Vulnerability Laboratory ID VL-ID:...

0.5 AI score
Exploits: 0

RedHat Linux
added 2015/08/24 7:57 p.m., 20 views

Low: Red Hat Security Advisory: libunwind security update

Updated libunwind packages that fix a security flaw are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

3.3 CVSS, 5.8 AI score, 0.00498 EPSS
Exploits: 1, References: 2

0day.today
added 2015/08/22 12:0 a.m., 26 views

Microsoft Office 2007 MSO.dll Use-After-Free Exploit

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=414&can=1 The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified...

7 AI score
Exploits: 0

exploitpack
added 2015/08/21 12:0 a.m., 10 views

Microsoft Office 2007 - mso.dll Use-After-Free (MS15-081)

Microsoft Office 2007 - mso.dll Use-After-Free MS15-081 Source: https://code.google.com/p/google-security-research/issues/detail?id=414&can=1 The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application...

7.4 AI score
Exploits: 0

Exploit DB
added 2015/08/21 12:0 a.m., 45 views

Microsoft Office 2007 - 'mso.dll' Use-After-Free (MS15-081)

Source: https://code.google.com/p/google-security-research/issues/detail?id=414&can=1 The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This samp...

7.4 AI score
Exploits: 0