91 matches found
AlegroCart 1.2.8 - Local/Remote File Inclusion
Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix22102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1047 Vendor Website: http://alegrocart.com/ Vulnerability Type: LFI/RFI Remote Exploitable: Yes Reported to...
X2Engine 4.2 - Cross-Site Request Forgery
X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...
Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection
Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was...
Wordpress Usernoise Plugin 3.7.8 - Persistent XSS Vulnerability
Exploit for php platform in category web applications Details ============================= Application: Usernoise http://usernoise.karevn.com/ Version: 3.7.8 probably earlier versions as well Type: Wordpress plugin Developer: Nikolay Karev http://karevn.com/ - http://profiles.wordpress.org/karev...
Mandriva Update for mds MDVA-2011:026 (mds)
Check for the Version of mds OpenVAS Vulnerability Test Mandriva Update for mds MDVA-2011:026 mds Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
TornadoStore 1.4.3 SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================== TornadoStore 1.4.3 SQL Injection Vulnerability ============================================== 1. Advisory Information Title: Multiple SQL Injection in TornadoStore 1.4.3 Advisory ID:...
DreamPoll 3.1 SQL Injection / XSS
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
DreamPoll 3.1 - SQL Injection
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
[ONSEC-09-010] Undersky CMS SQL injection
ONSEC-09-010 Undersky CMS SQL injection Цель: Undersky CMS http://www.undersky.ru Тип: SQL инъекция Угроза: Высокая Дата обнаружения: 03.07.2009 Дата оповещения разработчика: 03.07.2009 Дата выхода исправления: 05.07.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описани...
[ANNOUNCE] Apache HTTP Server 2.0.51 Released
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Apache Software Foundation and the The Apache HTTP Server Project are pleased to announce the release of version 2.0.51 of the Apache HTTP Server "Apache". This Announcement notes the significant changes in 2.0.51 as compared to 2.0.50. This versi...
Phorum 5.0.3 Beta - Cross Site Scripting
Phorum 5.0.3 Beta - Cross Site Scripting Phorum Cross Site Scripting Vendor: Phorum Product: Phorum Version: tag, it will allow for pretty much any thing else, and most of you know it is not hard to execute javascript inside of a tag which is allowed. This same vulnerability also exists in...