39 matches found
Simple PHP Blog 0.5.1 - Local File Inclusion Vulnerability
No description provided by source. Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context ...
[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA"
============================================= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6163...
Project'Or RIA 3.4.0 Cross Site Scripting
============================================= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6163...
[ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30
============================================= INTERNET SECURITY AUDITORS ALERT 2013-011 - Original release date: March 21st, 2013 - Last revised: March 21st, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2652...
[ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5
============================================= INTERNET SECURITY AUDITORS ALERT 2013-010 - Original release date: March 20th, 2013 - Last revised: March 25th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2013-2651...
[ISecAuditors Security Advisories] Multiple Vulnerabilities in Uebimiau <= 2.7.11
============================================= INTERNET SECURITY AUDITORS ALERT 2013-008 - Original release date: March 15th, 2013 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2013-2621, CVE-2013-2622, CVE-2013-2623...
BoltWire 3.5 Cross Site Scripting Vulnerability
BoltWire versions 3.5 and below suffer from multiple cross site scripting vulnerabilities. ============================================= INTERNET SECURITY AUDITORS ALERT 2013-010 - Original release date: Mar...
BoltWire 3.5 Cross Site Scripting
============================================= INTERNET SECURITY AUDITORS ALERT 2013-010 - Original release date: March 20th, 2013 - Last revised: March 25th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2013-2651...
XAMPP 1.8.1 - lang.php?WriteIntoLocalDisk method Local Write Access
XAMPP 1.8.1 - lang.php?WriteIntoLocalDisk method Local Write Access ============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel García Cárdenas - Severity: 6,8/10 CVSS Ba...
XAMPP 1.8.1 Local Write Access Vulnerability
XAMPP version 1.8.1 allows an unprivileged user to write to the local disk. It has been detected that an unprivileged user can write to the local disk and that the local file "lang.tmp" can be modified on the remote machine. The injection is done through the page "/xampp/lang.php"...
[ISecAuditors Security Advisories] Multiple Vulnerabilities in Telaen <= 1.3.0
============================================= INTERNET SECURITY AUDITORS ALERT 2013-009 - Original release date: March 15th, 2013 - Last revised: June 4th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2013-2621, CVE-2013-2623, CVE-2013-2624...
[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics
============================================= INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I...
[ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9
============================================= INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...
TinyWebGallery 1.8.9 Path Disclosure
============================================= INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...
Asteriskguru Queue Statistics Cross Site Scripting
============================================= INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I...
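Joomla! < 1.5.12 Cross-Site Scripting and Information Disclosure Vulnerabilities
CVE ID: CVE-2011-4911 Joomla! is an open-source content management system (CMS). Joomla! versions before 1.5.12 do not perform the JEXEC check in certain files, which allows remote attackers to obtain the installation path. 0 Joomla! 1.5.12 Vendor patch: Joomla! ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page to obtain the latest version: http://www.joomla.org/ / PoC: XSS Joomla 1.5.11 Juan Galiana Lara Internet Security Auditors Jun 2009 / / conf...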
[ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g
============================================= INTERNET SECURITY AUDITORS ALERT 2010-007 - Original release date: August 11th, 2010 - Last revised: May 1st, 2011 - Discovered by: Vicente Aguilera Diaz - Severity: 5.0/10 CVSS Base Scored ============================================= I. VULNERABILIT...
[ISecAuditors Security Advisories] SQL Injection and XSS in Motorito < v2.0 Ni 483
============================================= INTERNET SECURITY AUDITORS ALERT 2010-005 - Original release date: March 30th, 2010 - Last revised: September 23th, 2010 - Discovered by: Mario Diaz Caldera - Severity: 5.5/10 CVSS Base Score ============================================= I...
Motorito Cross Site Scripting / SQL Injection
============================================= INTERNET SECURITY AUDITORS ALERT 2010-005 - Original release date: March 30th, 2010 - Last revised: September 23th, 2010 - Discovered by: Mario Diaz Caldera - Severity: 5.5/10 CVSS Base Score ============================================= I...
[ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0
============================================= INTERNET SECURITY AUDITORS ALERT 2010-009 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored ============================================= I...