
38 matches found

0day.today
added 2021/11/22 12:00 a.m. | 451 views

OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure Vulnerability

OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-872 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 and earlier Vulnerable...

CVSS 6.1 | AI score 5.1 | EPSS 0.00431
Exploits: 7

Exploit DB
added 2016/09/13 12:00 a.m. | 32 views

Open-Xchange App Suite 7.8.2 - Cross-Site Scripting

Product: OX App Suite Vendor: OX Software GmbH Internal reference: 46484 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.8.2 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.2-rev46, 7.6.3-rev1...

CVSS 6.1 | AI score 6.3 | EPSS 0.00865
Exploits: 4

exploitpack
added 2015/12/17 12:00 a.m. | 49 views

Zen Cart 1.5.4 - Local File Inclusion

Zen Cart 1.5.4 - Local File Inclusion Advisory ID: HTB23282 Product: Zen Cart Vendor: Zen Ventures, LLC Vulnerable Versions: 1.5.4 Tested Version: 1.5.4 Advisory Publication: November 25, 2015 without technical details Vendor Notification: November 25, 2015 Vendor Patch: November 26, 2015 Public...

CVSS 10 | AI score 9.7 | EPSS 0.38492
Exploits: 6

Packet Storm
added 2015/12/11 12:00 a.m. | 84 views

bitrix.scan Bitrix 1.0.3 Path Traversal

Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 24, 2015 Public Disclosure:...

CVSS 6.5 | AI score 0.1 | EPSS 0.04829
Exploits: 5

securityvulns
added 2014/12/01 12:00 a.m. | 84 views

CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs

Unauthenticated SQL Injection in Gogs repository search. Researcher: Timo Schmid [email protected] Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go...

CVSS 7.5 | AI score 7.1 | EPSS 0.76891
Exploits: 5

Packet Storm
added 2014/11/14 12:00 a.m. | 79 views

Gogs Label Search Blind SQL Injection

Blind SQL Injection in Gogs label search. Researcher: Timo Schmid Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. (taken from [1]) It is very similar to the gith...

CVSS 7.5 | AI score 6.5 | EPSS 0.05208
Exploits: 5

securityvulns
added 2014/11/10 12:00 a.m. | 52 views

Open-Xchange Security Advisory 2014-11-07

Product: OX App Suite Vendor: Open-Xchange GmbH Internal reference: 34765 Bug ID Vulnerability type: SQL Injection CWE-89 Vulnerable version: 7.6.0 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Researcher credits: SoftScheck GmbH Fixed...

CVSS 6.5 | AI score 0.3 | EPSS 0.00308
Exploits: 3

0day.today
added 2014/11/10 12:00 a.m. | 63 views

OX App Suite 7.6.0 SQL Injection Vulnerability

OX App Suite versions 7.6.0 and below suffer from a remote SQL injection vulnerability. Product: OX App Suite Vendor: Open-Xchange GmbH Internal reference: 34765 Bug ID Vulnerability type: SQL Injection CWE-89 Vulnerable version: 7.6.0 and earlier Vulnerable component: backend Report confidence:...

CVSS 6.5 | AI score 7.6 | EPSS 0.00308
Exploits: 3

seebug.org
added 2014/07/01 12:00 a.m. | 67 views

sweetrice cms 0.6.7 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22669 Reference: http://www.htbridge.ch/advisory/resetadminpasswordinsweetricecms.html Product: SweetRice CMS Vendor: basic-cms.org http://www.basic-cms.org/ Vulnerable Version: 0.6.7 Vendor Notification: 21 October 2010 Vulnerability Type:...

AI score 6.7
Exploits: 0

securityvulns
added 2014/05/04 12:00 a.m. | 158 views

Cross-Site Scripting (XSS) in Ilch CMS

Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...

CVSS 4.3 | AI score 6.5 | EPSS 0.04522
Exploits: 6

securityvulns
added 2014/02/11 12:00 a.m. | 61 views

Multiple SQL Injection Vulnerabilities in AuraCMS

Advisory ID: HTB23196 Product: AuraCMS Vendor: AuraCMS Vulnerable Versions: 2.3 and probably prior Tested Version: 2.3 Advisory Publication: January 8, 2014 without technical details Vendor Notification: January 8, 2014 Vendor Patch: January 30, 2014 Public Disclosure: February 5, 2014...

CVSS 6.5 | EPSS 0.02298
Exploits: 5

exploitpack
added 2014/01/28 12:00 a.m. | 53 views

Eventum 2.3.4 - hostname Remote Code Execution

Eventum 2.3.4 - hostname Remote Code Execution Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor...

CVSS 9.3 | AI score 8.1 | EPSS 0.27603
Exploits: 6

Packet Storm
added 2013/10/02 12:00 a.m. | 67 views

GLPI 0.84.1 Access Control / Code Injection

Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...

CVSS 6.8 | AI score 0.6 | EPSS 0.63954
Exploits: 11

securityvulns
added 2013/05/06 12:00 a.m. | 144 views

Open-Xchange Security Advisory 2013-04-17

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

CVSS 5 | AI score 6.4 | EPSS 0.00245
Exploits: 0

0day.today
added 2013/03/15 12:00 a.m. | 58 views

Open-Xchange Server 6 - Multiple Vulnerabilities

Exploit for php platform in category web applications Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof...

CVSS 4 | AI score 0.2 | EPSS 0.02186
Exploits: 10

securityvulns
added 2013/03/11 12:00 a.m. | 70 views

Multiple XSS vulnerabilities in Events Manager WordPress plugin

Advisory ID: HTB23139 Product: Events Manager WordPress plugin Vendor: Marcus Sykes Vulnerable Versions: 5.3.3 and probably prior Tested Version: 5.3.3 Vendor Notification: January 16, 2013 Vendor Patch: January 17, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: Cross-Site Scripting...

CVSS 4.3 | AI score 0.2 | EPSS 0.00306
Exploits: 3

0day.today
added 2013/02/21 12:00 a.m. | 59 views

glFusion 1.2.2 Cross Site Scripting Vulnerability

glFusion version 1.2.2 suffers from multiple cross site scripting vulnerabilities. Product: glFusion Vendor: http://www.glfusion.org/ Vulnerable Versions: 1.2.2 and probably prior Tested Version: 1.2.2 Vendor Notification: January 30, 2013 Vendor Patch: January 30, 2013 Public Disclosure: Februar...

CVSS 4.3 | AI score 6 | EPSS 0.08713
Exploits: 5

0day.today
added 2013/01/10 12:00 a.m. | 43 views

Samsung Kies 2.5.0.12114_1 Buffer Overflow Vulnerability

Samsung Kies version 2.5.0.121141 suffers from a buffer overflow vulnerability. Product: Samsung Kies Vendor: Samsung Electronics Vulnerable Versions: 2.5.0.121141 Tested Version: 2.5.0.121141 on Windows 7 SP1 and Internet Explorer 9.0 Vendor Notification: December 19, 2012 Vendor Patch: December...

CVSS 10 | AI score 7 | EPSS 0.49934
Exploits: 3

securityvulns
added 2012/10/22 12:00 a.m. | 57 views

Multiple vulnerabilities in Subrion CMS

Advisory ID: HTB23113 Product: Subrion CMS Vendor: The Subrion development team Vulnerable Versions: 2.2.1 and probably prior Tested Version: 2.2.1 Vendor Notification: September 5, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79,...

CVSS 7.5 | AI score 7.7 | EPSS 0.06444
Exploits: 8

Packet Storm
added 2012/10/11 12:00 a.m. | 46 views

OpenX 2.8.10 Cross Site Scripting / SQL Injection

Advisory ID: HTB23116 Product: OpenX Vendor: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Vendor Notification: September 19, 2012 Public Disclosure: October 10, 2012 Vulnerability Type: Cross-Site Scripting CWE-79, SQL Injection CWE-89 CVE References: CVE-2012-4989,...

CVSS 7.5 | AI score 0.1 | EPSS 0.02893
Exploits: 3