Recent Curesec Publications

XCart 5.2.6: Path Traversal
2015 Nov 04

There is a Path Traversal vulnerability in the admin area of XCart 5.2.6. It makes it possible to list directories and download arbitrary files.  

XCart 5.2.6: XSS
2015 Nov 04

There are multiple XSS vulnerabilities in XCart 5.2.6.  

TheHostingTool 1.2.6: Multiple XSS
2015 Oct 07

There are multiple XSS vulnerabilities in TheHostingTool 1.2.6.  

TheHostingTool 1.2.6: Multiple SQL Injection
2015 Oct 07

There are multiple SQL Injection vulnerabilities in the admin area of TheHostingTool 1.2.6.  

TheHostingTool 1.2.6: Code Execution
2015 Oct 07

There is a Code Execution vulnerability in the admin area of TheHostingTool 1.2.6.  

Quick.Cart 6.6: Multiple XSS
2015 Oct 07

There are multiple XSS vulnerabilities in Quick.Cart 6.6.  

Quick.Cart 6.6: CSRF
2015 Oct 07

There are multiple CSRF vulnerabilities in Quick.Cart 6.6.  

CubeCart 6.0.7: XSS
2015 Oct 07

There are multiple XSS vulnerabilities in the admin area of CubeCart 6.0.7.  

CubeCart 6.0.7: Code Execution
2015 Oct 07

There is a Code Execution vulnerability in the admin area of CubeCart 6.0.7.  

Supercali Event Calendar 1.0.8: XSS
2015 Oct 07

There is an XSS vulnerability in Supercali Event Calendar 1.0.8. This issue has not been fixed.