14 matches found
CrafterCMS 4.0.2 Cross Site Scripting
--------------------------------------------------------------------------- CrafterCMS = 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities --------------------------------------------------------------------------- - Software Link: https://craftercms.org - Affected Versions: Version...
Magento 1.9.2 File Inclusion
------------------------------------------------------------------------------- Magento fault'datainvalid'; 113. 114. 115. $this-checkProductTypeExists$type; 116. $this-checkProductAttributeSet$set; 117. 118. / @var $product MageCatalogModelProduct / 119. $product = Mage::getModel'catalog/product...
Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
Software Link:http://magento.com/- Affected Versions:Version 1.9.2 and prior versions.- Vulnerability Description:The vulnerability is caused by the "catalogProductCreate" SOAP API implementation,which is defined into the /app/code/core/Mage/Catalog/Model/Product/Api/V2.php script:109. public...
[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
----------------------------------------------------------- Concrete5 = 5.7.4 Access.php SQL Injection Vulnerability ----------------------------------------------------------- - Software Link: https://www.concrete5.org/ - Affected Versions: Version 5.7.3.1, 5.7.4, and probably other versions. -...
Concrete5 5.7.4 SQL Injection
----------------------------------------------------------- Concrete5 0 173. foreach $filterEntities as $ent 174. $filters = $ent-getAccessEntityID; 175. 176. $peIDs .= 'and peID in ' . implode$filters, ',' . ''; 177. 178. if $accessType == 0 179. $accessType = ''; 180. else 181. $accessType = '...
Concrete5 5.7.3.1 sendmail Remote Code Execution Vulnerability
Concrete5 versions 5.7.3.1 and below suffers from a sendmail-related remote code execution vulnerability. ------------------------------------------------------------------- Concrete5 post'registrationtype' 22. case "enabled": 23. Config::save'concrete.user.registration.enabled', true; 24...
Concrete5 5.7.3.1 sendmail Remote Code Execution
------------------------------------------------------------------- Concrete5 post'registrationtype' 22. case "enabled": 23. Config::save'concrete.user.registration.enabled', true; 24. Config::save'concrete.user.registration.validateemail', false; 25...
Java Multiple Issues
Hi all and sorry for cross post, after several months since I contacted Oracle informing them about ten issues on Java applet security, they finally released an Java 6 update 22 which fixes several security issues In particular the issues are the following, sorted by impact: Information Disclosur...
Servlet Exec 5.0p06 File Retrieval
Minded Security Labs: Advisory MSA260209 Servlet Exec Multiple Security Issues Tested Versions: Servlet Exec 5.0p06 on Microsoft IIS 6.0 Minded Security ReferenceID: MSA260209 Credits: Discovery by Stefano Di Paola and Giorgio Fedon of Minded Security Stefano Di Paola stefano.dipaola at...
JForum 2.08 Cross Site Scripting
Minded Security Labs: Advisory MSA130510 JForum ?s?i\color='"?.?^'"'"?.?/color\ $2 As it's possible to see from the previous code, "color" attribute expects a parameter between single quotes. Jforum does not encode single quotes, so it's possible to a...
Liferay JSON Service Information Leakage
Minded Security Labs: Advisory MSA251009 Liferay Json Service Multiple Information Leakage Tested Versions: Liferay Portal 4.x and 5.x Minded Security ReferenceID: MSA251009 Credits: Discovery by Stefano Di Paola of Minded Security stefano.dipaola at mindedsecurity.com Reference:...
[CVE-2008-2370] Apache Tomcat information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2370: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and...
[MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling.
MSA01240108: IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling. Date: March 21th, 2008 Tested Versions: Internet Explorer 7.0.5730.11 Tested OS: Windows XP Professional SP2 Italian Minded Security ReferenceID: MSA01240108 Credits: Discovery by Stefano Di Paola of Minded Security...
apachemodneg-splitxss.txt
Apache modnegotiation Xss and Http Response Splitting Date: January 22th, 2008 Tested Versions: Apache From Apache ModNegotiation page: Content negotiation, or more accurately content selection, is the selection of the document that best matches the clients capabilities, from one of several...