Recent Curesec Publications
2016 Sep 15
Peel Shopping is ecommerce software written in PHP. In version 8.0.2, it is vulnerable to Object Injection.
Peel Shopping stores a PHP object in a cookie, which is then unserialized when received by the application. An attacker can send arbitrary PHP objects and thus has limited influence on the control flow of the application. This can, for example, lead to DoS attacks by creating an infinite loop.
2016 Sep 15
Kajona is an open source CMS written in PHP. In version 4.7, it is vulnerable to multiple XSS attacks and limited directory traversal.
The XSS vulnerabilities are reflected as well as persistent, and can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection.
The directory traversal issue reveals which files exist on a system, and thus allows an attacker to gather information about that system.
2016 Sep 15
MyBB 1.8.6 is vulnerable to login CSRF. Additionally, it stores passwords using weak hashing, and sends passwords via email in plaintext.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it contains various XSS vulnerabilities, some of which are reflected and some of which are persistent. Some of them depend on custom forum or server settings.
These issues may lead to the injection of JavaScript keyloggers, injection of content such as ads, or the bypassing of CSRF protection, which would for example allow the creation of a new admin user.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it is vulnerable to a second order SQL injection by an authenticated admin user, allowing the extraction of data from the database.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it improperly validates templates that are passed to eval, allowing for the disclosure of the database password. If the database is writable from remote, it may also lead to code execution.
An admin account is required.
2016 Sep 15
Oxwall is social networking software written in PHP. In version 1.8.0, it is vulnerable to multiple XSS attacks and a persistent open redirect.
The XSS vulnerabilities are reflected as well as persistent, and can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection.
2016 Sep 06
Curesec GmbH advises companies on implementing secure IT systems. We offer vulnerability analyses of environments and applications, e.g. in online shops, corporate networks, applications and external devices, to protect company and customer data against malicious access.
2016 Mar 15
Zenphoto is vulnerable to remote file inclusion. An admin account is required.
2016 Mar 15
PivotX is vulnerable to reflected XSS.