Recent Curesec Publications

Pligg CMS 2.0.2: Directory Traversal
2015 Oct 07

There is a Directory Traversal vulnerability in the admin area of Pligg CMS 2.0.2. This issue has not been fixed.   

Pligg CMS 2.0.2: Code Execution and CSRF
2015 Oct 07

There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.   

Installing Snort and Barnyard2
2015 Oct 05

How to install Snort and Barnyard2 on Debian and Arch Linux.

ZeusCart 4.0: CSRF
2015 Sep 14

ZeusCart 4.0 does not have CSRF protection. Because of this, it is possible, for example, to add additional admin accounts. This issue has not been fixed.

ZeusCart 4.0: Code Execution
2015 Sep 14

There is an arbitrary file upload vulnerability in the admin area of ZeusCart 4.0. This issue has not been fixed.  

ZeusCart 4.0: SQL Injection
2015 Sep 14

There are multiple SQL Injection vulnerabilities in ZeusCart 4.0. This issue has not been fixed.   

ZeusCart 4.0: XSS
2015 Sep 14

There is an XSS vulnerability in ZeusCart 4.0. This issue has not been fixed.   

Zen Cart 1.5.4: Code Execution and Information Leak
2015 Sep 14

There is an arbitrary file upload vulnerability in the admin area of Zen Cart 1.5.4 as well as an information leak. This issue has only been partially fixed.  

Anchor CMS 0.9.2: XSS
2015 Sep 14

There is an XSS vulnerability in Anchor CMS 0.9.2. The issue is not yet fixed.  

Serendipity 2.0.1: Blind SQL Injection
2015 Sep 01

There is a Blind SQL Injection vulnerability in the admin area of Serendipity 2.0.1.