151 matches found
Serendipity 1.7.5 (Backend) - Multiple Vulnerabilities
No description provided by source. Advisory: Serendipity 1.7.5 Backend - Multiple security vulnerabilities Advisory ID: SSCHADV2014-003 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.7.5 Vendor URL: http://www.s9y.org/ Vendor Status: fixed =========================...
websitebaker add-on concert calendar 2.1.4 - Multiple Vulnerabilities
No description provided by source. Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability Advisory ID: SSCHADV2013-001 Author: Stefan Schurtz Affected Software: Successfully tested on Concert Calendar 2.1.4 Vendor URL:...
openEngine 2.0 - Multiple Blind SQL Injection vulnerabilities
No description provided by source. Advisory: openEngine 2.0 'key' Blind SQL Injection vulnerability Advisory ID: SSCHADV2011-026 Author: Stefan Schurtz Affected Software: Successfully tested on openEngine 2.0 100226 Vendor URL: http://www.openengine.de/ Vendor Status: informed CVE-ID: -...
PHP Address Book 7.0.0 - Multiple Vulnerabilities
No description provided by source. Advisory: PHP Address Book 7.0.0 Multiple security vulnerabilities Advisory ID: SSCHADV2012-013 Author: Stefan Schurtz Affected Software: Successfully tested on PHP Address Book 7.0.0 Vendor URL: http://sourceforge.net/projects/php-addressbook/ Vendor Status:...
Meditate Web Content Editor 'username_input' SQL-Injection vulnerability
No description provided by source. Advisory: Meditate Web Content Editor 'usernameinput' SQL-Injection vulnerability Advisory ID: SSCHADV2011-039 Author: Stefan Schurtz Affected Software: Successfully tested on Meditate 1.2 Vendor URL: http://www.arlomedia.com/ Vendor Status: fixed...
KnFTPd 1.0.0 'FEAT' DoS PoC-Exploit
No description provided by source. !/usr/bin/perl Advisory: KnFTPd 1.0.0 'FEAT' DoS PoC-Exploit Author: Stefan Schurtz Affected Software: Successfully tested on KnFTPd 1.0.0 Vendor URL: http://knftp.sourceforge.net/ Vendor Status: informed CVE-ID: - PoC-Version: 1.0 use strict; use Net::FTP; my...
Metasploit 4.1.0 Web UI stored XSS Vulnerability
No description provided by source. Advisory: Metasploit 4.1.0 Web UI stored XSS vulnerability Advisory ID: SSCHADV2011-033 Author: Stefan Schurtz Affected Software: Successfully tested on Metasploit Community Edition Vendor URL: http://metasploit.com/ Vendor Status: informed...
admidio 2.3.5 - Multiple Vulnerabilities
No description provided by source. Advisory: Admidio 2.3.5 Multiple security vulnerabilities Advisory ID: SSCHADV2012-019 Author: Stefan Schurtz Affected Software: Successfully tested on Admidio 2.3.5 Vendor URL: http://www.admidio.org/ Vendor Status: fixed ========================== Vulnerabilit...
zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal
No description provided by source. !/usr/bin/perl Advisory: zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on zFTPServer Suite 6.0.0.52 Vendor URL: http://www.zftpserver.com/ Vendor Status: fixed...
PHP Address Book 6.2.12 Multiple security vulnerabilities
No description provided by source. Advisory: PHP Address Book 6.2.12 Multiple security vulnerabilities Advisory ID: SSCHADV2012-007 Author: Stefan Schurtz Affected Software: Successfully tested on PHP Address Book 6.2.12 Vendor URL: http://sourceforge.net/projects/php-addressbook/ Vendor Status:...
Yet Another CMS 1.0 - SQL Injection & XSS vulnerabilities
No description provided by source. Advisory: Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-031 Author: Stefan Schurtz Affected Software: Successfully tested on Yet Another CMS 1.0 Vendor URL: http://yetanothercms.codeplex.com/ Vendor Status: informed...
Serendipity 1.6 Backend XSS And SQLi Vulnerability
No description provided by source. Advisory: Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability Advisory ID: KORAMIS-ADV2012-001 Contact: [email protected] Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.6 Vendor URL: http://www.s9y.org...
Nagios Plugin check_ups Local Buffer Overflow PoC
No description provided by source. Advisory: Nagios Plugin 'checkups' local buffer overflow Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on nagios-plugins-1.4.15 Vendor URL: http://nagiosplugins.org/ ./checkups -u perl -e 'print Ax16407' buffer...
reg.ebay.com Cross Site Scripting
Advisory: reg.ebay.com - Cross-site Scripting vulnerability Advisory ID: SSCHADV2014-004 Author: Stefan Schurtz Affected Software: Successfully tested on reg.ebay.com Vendor URL: http://www.ebay.com/ Vendor Status: informed ========================== Vulnerability Description...
Yahoo ads.yahoo.com Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In Nov ?13 I reported a Cross-site Scripting vulnerability to the Yahoo Bug Bounty Program. As for my other reports, I?ve got no response or feedback, so I wrote a message to them via email this time ... and so on ... blah blah : To cut a long story...
Yahoo intl Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here is the my last advisory which I've reported in 2013 to the Yahoo Bug Bounty Program. And again...the same story for this report as for my others :-/ If you're interested, you can read it here:...
S9Y Serendipity 1.7.5 - Backend Multiple Vulnerabilities
S9Y Serendipity 1.7.5 - Backend Multiple Vulnerabilities Advisory: Serendipity 1.7.5 Backend - Multiple security vulnerabilities Advisory ID: SSCHADV2014-003 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.7.5 Vendor URL: http://www.s9y.org/ Vendor Status: fixed...
Bing Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: ssl.bing.com - Cross-site Scripting vulnerability Advisory ID: SSCHADV2013-012 Author: Stefan Schurtz Affected Software: Successfully tested on ssl.bing.com Vendor URL: http://www.microsoft.com Vendor Status: fixed ==========================...
Yahoo! Open Redirect
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Yahoo Bug Bounty Program Vulnerability 2 Open Redirect Advisory ID: SSCHADV2013-YahooBB-002 Author: Stefan Schurtz Affected Software: Successfully tested on ads.yahoo.com Vendor URL: http://yahoo.com Vendor Status: informed...
Apple Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After four weeks the following xss are still not fixed: Tested with IE8 / IE 10 & Google Chrome 27.0 http://store.apple.com/us/browse/home/shopipad"/ http://store.apple.com/us/browse/home/shopiphone"/...