70 matches found
Debian Security Advisory DSA 3926-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5087: Ned Williamson discovered a way to escape the sandbox. CVE-2017-5088: Xiling Gong discovered an out-of-bounds read issue in the V8 JavaScript library. CVE-2017-5089: Michal Bentkowski discovered a spoofing issue...
Qi Bo CMS variable coverage leads to SQL injection: vulnerability analysis report
Blog post author: Alibaba security research lab—supporting su. Release date: 2015-3-10. Blog post content: The Alibaba security research laboratory's vulnerability monitoring system recently detected that Qi Bo CMS has high-risk vulnerabilities that can lead to an SQL injection vulnerability and thus affect...
Arbitrary File Upload in HelpDEZk
High-Tech Bridge Security Research Lab discovered a vulnerability in HelpDEZk, which can be exploited to compromise a vulnerable web site. 1 Unrestricted Upload of File with Dangerous Type in HelpDEZk: CVE-2014-8337 The vulnerability exists due to absence of validation of file extensions when uploadi...
Two XSS in Contact Form DB WordPress plugin
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Contact Form DB WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against the administrator of a WordPress website with the vulnerable plugin installed. 1 Two Cross-Site Scripting XSS...
Multiple SQL Injection Vulnerabilities in AuraCMS
Advisory ID: HTB23196 Product: AuraCMS Vendor: AuraCMS Vulnerable Versions: 2.3 and probably prior Tested Version: 2.3 Advisory Publication: January 8, 2014 without technical details Vendor Notification: January 8, 2014 Vendor Patch: January 30, 2014 Public Disclosure: February 5, 2014...
Multiple SQL Injection Vulnerabilities in AuraCMS
High-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in AuraCMS, which can be exploited to alter SQL queries and execute arbitrary SQL commands in application's database. 1 Multiple SQL Injection Vulnerabilities in AuraCMS: CVE-2014-1401 1.1 The vulnerability exists...
Multiple Vulnerabilities in BigTree CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BigTree CMS, which can be exploited to perform SQL injection, Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attacks. A remote attacker can add, modify or delete information in application's database and...
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Advisory Details: High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerabili...
Cross-Site Request Forgery (CSRF) in UMI.CMS
High-Tech Bridge Security Research Lab discovered a CSRF vulnerability in UMI.CMS, which can be exploited to perform Cross-Site Request Forgery CSRF attacks and create a new administrator in the vulnerable application. 1 Cross-site Request Forgery CSRF in UMI.CMS: CVE-2013-2754 The application allows...
Multiple Vulnerabilities in KrisonAV CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerability in KrisonAV CMS: CVE-2013-2712 The vulnerability exists due to...
Multiple SQL Injection Vulnerabilities in Elite Bulletin Board
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Elite Bulletin Board, which can be exploited to perform SQL injection attacks. 1 Multiple SQL injection vulnerabilities in Elite Bulletin Board: CVE-2012-5874 The vulnerabilities exist due to insufficient sanitation of...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine. The research was inspired by the vulnerability found by Jon Passki http://osvdb.org/85873. Even if the...
Multiple vulnerabilities in TCExam
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in TCExam, which can be exploited to perform Cross-Site Scripting XSS and SQL injection attacks. 1 SQL Injection in TCExam: CVE-2012-4601 1.1 Input passed via the "usergroups" POST parameter to /admin/code/tceedittest.php ...
Multiple vulnerabilities in web@all
High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in web@all, which can be exploited to perform Cross-Site Request Forgery CSRF and Cross-Site Scripting XSS attacks. 1 Cross-Site Request Forgery CSRF in web@all: CVE-2012-3231 1.1 The application allows authorized...
XSS in PrestaShop
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in PrestaShop, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in PrestaShop Input passed via the "product" POST parameter to ajax.php is not properly sanitised before being...
Multiple vulnerabilities in Piwigo
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Piwigo, which can be exploited to perform Cross-Site Scripting XSS and Path Traversal attacks. 1 Directory Path Traversal in Piwigo: CVE-2012-2208 1.1 Input passed via the "language" GET parameter to upgrade.php ...
Multiple vulnerabilities in osCmax
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in osCmax, which can be exploited to perform SQL Injection and Cross-Site Scripting XSS attacks. 1 Multiple Cross-Site Scripting XSS in osCmax: CVE-2012-1664 1.1 Input passed via the "username" POST parameter to...
Multiple vulnerabilities in Elefant CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Elefant CMS, which can be exploited to perform SQL Injection and Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Elefant CMS: CVE-2012-1296 1.1 Input passed via the "title" and "body" GET paramete...
Multiple vulnerabilities in LEPTON
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LEPTON, which can be exploited to perform Local File Inclusion, Cross Site Scripting and SQL Injection attacks. 1 Local File Inclusion in LEPTON: CVE-2012-0998 Input passed via the "language" POST parameter to...
Multiple vulnerabilities in ImpressCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ImpressCMS, which can be exploited to perform cross-site scripting and local file inclusion attacks. 1 Multiple Arbitrary XSS vulnerabilities in ImpressCMS: CVE-2012-0986 1.1 Input appended to the URL after...