10 matches found
Atlassian Confluence 3.x / 4.x Information Disclosure
Hello list, Since the vendor does not seem to care about this issue more than a year after the initial report https://jira.atlassian.com/browse/CONF-23985, I think that it is time to share this issue. ------------------------- Affected products: ------------------------- Atlassian Confluence 3.x and 4.x...
poMMo Aardvark PR16.1 Cross Site Scripting
Hello list! I want to warn you about multiple security vulnerabilities in poMMo. These are Cross-Site Scripting, Brute Force and Insufficient Anti-automation vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are all versions of poMMo poMMo Aardvark...
Multiple vulnerabilities in MyBB
Hello 3APA3A! I am informing you about Information Leakage, Abuse of Functionality, Insufficient Anti-automation and Brute Force vulnerabilities that I found in MyBB. Information Leakage WASC-13: Logins are the same as the user names on the forum, so logins can be identified on the forum pages. Abuse o...
XSS, AoF and IAA vulnerabilities in PHP-Nuke
Hello 3APA3A! I am informing you about Cross-Site Scripting, Abuse of Functionality and Insufficient Anti-automation vulnerabilities that I found in PHP-Nuke. XSS WASC-08: POST request on the page http://site/modules.php?name=Downloads " style="-moz-binding:url'http://websecurity.com.ua/webtools/xss.xmlxss...
MC Content Manager 10.1.1 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting, Abuse of Functionality and Insufficient Anti-automation vulnerabilities in MC Content Manager. It's a Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions o...
PHP-Nuke 8.0 Cross Site Scripting
Hello list! I want to warn you about Insufficient Anti-automation and Cross-Site Scripting vulnerabilities in PHP-Nuke. SecurityVulns ID: 11485. ------------------------- Affected products: ------------------------- Vulnerable are PHP-Nuke 8.0 and previous versions. ---------- Details: ----------...
New vulnerabilities in PHP-Nuke
Hello 3APA3A! I am informing you about new Insufficient Anti-automation and Cross-Site Scripting vulnerabilities that I found in the PHP-Nuke system. Insufficient Anti-automation WASC-21: http://site/modules.php?name=SubmitNews The form has no protection against automated requests (captcha). XSS WASC-08:...
SimpGB 1.49.02 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities in SimpGB. ------------------------- Affected products: ------------------------- Vulnerable are SimpGB v1.49.02 and previous versions. ---------- Detail...
PHP-Nuke 8.1 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in PHP-Nuke. SecurityVulns ID: 11343. ------------------------- Affected products: ------------------------- Vulnerable are PHP-Nuke 8.1 and previous versions. Tested in PHP-Nuke 8.0 and 8.1...
Vulnerabilities in PHPShop
Hello 3APA3A! I am informing you about Insufficient Anti-automation, Cross-Site Scripting, Denial of Service and Full path disclosure vulnerabilities that I found in PHPShop. It is an engine for online stores. Insufficient Anti-automation WASC-21: http://site/users/register.html On this page...