NGS000330 Technical Advisory: Squiz CMS File Path Traversal

======= Summary ======= Name: Squiz CMS - File Path Traversal Release Date: 30 November 2012 Reference: NGS00330 Discoverer: Robert Ray [email protected] Vendor: Squiz Vendor Reference: 11846 Systems Affected: Squiz CMS V11654 Risk: High Status: Published ======== TimeLine ========...

Squiz CMS 11654 File Path Traversal

======= Summary ======= Name: Squiz CMS - File Path Traversal Release Date: 30 November 2012 Reference: NGS00330 Discoverer: Robert Ray Vendor: Squiz Vendor Reference: 11846 Systems Affected: Squiz CMS V11654 Risk: High Status: Published ======== TimeLine ======== Discovered: 29 June 2012 Release...

Squiz CMS 11654 File Path Traversal Vulnerability

Exploit for php platform in category web applications ======= Summary ======= Name: Squiz CMS - File Path Traversal Release Date: 30 November 2012 Reference: NGS00330 Discoverer: Robert Ray Vendor: Squiz Vendor Reference: 11846 Systems Affected: Squiz CMS V11654 Risk: High Status: Published...

NGS00330 Patch Notification: Squiz CMS Directory Traversal

High risk vulnerability in Squiz CMS 20 August 2012 Robert Ray of NCC Group has discovered a High risk vulnerability in Squiz CMS Impact: Directory Traversal Versions affected: Squiz CMS V11654 An updated version of the software has been released to address these vulnerabilities:...

XXE Injection in CakePHP and Squiz CMS

Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...

CakePHP / Squiz CMS XXE Injection

Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...

Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007

Sense of Security - Security Advisory - SOS-12-007 Release Date. 14-Jun-2012 Last Update. - Vendor Notification Date. 02-Apr-2012 Product. Squiz CMS Platform. Independent Affected versions. Squiz 4.6.3 verified and possibly others Severity Rating. Medium Impact. Exposure of session information...

Squiz CMS 4.6.3 XXE Injection / Cross Site Scripting

Sense of Security - Security Advisory - SOS-12-007 Release Date. 14-Jun-2012 Last Update. - Vendor Notification Date. 02-Apr-2012 Product. Squiz CMS Platform. Independent Affected versions. Squiz 4.6.3 verified and possibly others Severity Rating. Medium Impact. Exposure of session information...

Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities

source: https://www.securityfocus.com/bid/54049/info Squiz CMS is prone to multiple cross-site scripting vulnerabilities and an XML external entity injection vulnerability because it fails to properly sanitize user-supplied input. Attackers may exploit these issues to execute arbitrary code in th...

Squiz CMS - Multiple Cross-Site Scripting XML External Entity Injection Vulnerabilities

Squiz CMS - Multiple Cross-Site Scripting XML External Entity Injection Vulnerabilities source: https://www.securityfocus.com/bid/54049/info Squiz CMS is prone to multiple cross-site scripting vulnerabilities and an XML external entity injection vulnerability because it fails to properly sanitize...