
Serendipity 2.0.1: Persistent XSS
There is a Persistent XSS vulnerability in Serendipity 2.0.1 when using the default 2k11 theme. It requires a click to trigger.
There is a code execution vulnerability in Serendipity 2.0.1. It requires a registered user to exploit.
There is a Code Execution vulnerability in the admin area of NibbleBlog 4.0.3. The issue is not yet fixed.
There is a CSRF vulnerability in NibbleBlog 4.0.3 which can lead to the creation of new posts and thus XSS. The issue is not yet fixed.
When running on IIS, Phorum 5.2.19 is open to cross-site scripting. Additionally, there is an open redirect vulnerability that is not restricted to any operating system.
The file editor of the admin area of Bolt 2.2.4 allows for the editing of file extensions, which leads to code execution once an attacker has gained admin credentials.
There is an XSS vulnerability in version 2.3.5 of ModX. As of now, this issue has not been fixed.
There are two SQL injection vulnerabilities in CodoForum, one of which does not require the attacker to be authenticated.
There are multiple reflected cross-site scripting vulnerabilities in version 3.3.1 of CodoForum.
There are multiple SQL injection vulnerabilities in the admin area of version 4.2.3 of the BigTree CMS.