Hippo CMS: source code security analysis report

Several vulnerabilities were discovered in Hippo 'Hippo CMS' software: Using XSL Transformation to Execute Any Code Violating the Java Object Model Missing XML document schema validation Using Broken or Risky Cryptographic Algorithm Incorrect Permissions for External Entities During XML Document...

Advanced Module Manager Free extension for Joomla!: source code security analysis report

Several vulnerabilities were discovered in Regular Labs 'Advanced Module Manager Free extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when Generating...

CMSimple CMS: source code security analysis report

Several vulnerabilities were discovered in CMSimple 'CMSimple CMS' software: File System Path Manipulation Incorrect User Input Filtration when Using Regular Expressions while Calling the pregreplace Function Using Global Variables Using Insufficiently Random Generators in Cryptography HttpOnly...

JSN PowerAdmin extension for Joomla!: source code security analysis report

Several vulnerabilities were discovered in JoomlaShine 'JSN PowerAdmin extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when...

Apache Apex: source code security analysis report

Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Apex' software: Using XSL Transformation to Execute Any Code Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources HttpOnly Cookies Incorrect User Input Filtration wh...

Drupal CMS: source code security analysis report

Several vulnerabilities were discovered in Drupal Association 'Drupal CMS' software: Incorrect User Input Filtration when Generating Code on the Fly Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Hardcoded Credentials Using Insufficiently Random...

Self-XSS in Microsoft Dynamics CRM 2013 SP1

High-Tech Bridge Security Research Lab discovered a DOM-based self-XSS vulnerability in Microsoft Dynamics CRM 2013 SP1, which can be exploited to perform Cross-Site Scripting attacks against authenticated users. The vulnerability exists due to insufficient filtration of user-supplied input passe...

Multiple Vulnerabilities in jforum

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in jforum, which can be exploited to perform Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF attacks. 1 Multiple Cross-Site scripting XSS vulnerabilities in jforum: CVE-2012-6445 1.1 The vulnerability exists d...

subdreamerSQL.txt

//==========================================// \ GHC - Subdreamer - ADVISORY // Product: Subdreamer \ Version: Subdreamer Light // URL: www.subdreamer.com \ VULNERABILITY CLASS: SQL injection //==========================================// Product Description "Powered by PHP and MySQL, Subdreamer...