Recent Curesec Publications

PivotX 2.3.11: Directory Traversal
2016 Mar 15

PivotX 2.3.11 is vulnerable to directory traversal, allowing authenticated users to read and delete files outside of the PivotX directory.
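The defence against this class of bug is to canonicalise the user-supplied path and check that it still lies inside the directory the application intends to expose. The following is an added example written for this page, not PivotX code; the base directory, function names and temporary files are hypothetical, and the demonstration at the end builds its own layout under the system temp directory so it runs stand-alone.

```php
<?php
// Added example (not PivotX code): resolve a user-supplied relative path and
// refuse anything that escapes the base directory. $base is a hypothetical
// directory of files the application lets authenticated users manage.

function resolve_inside(string $base, string $userPath): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    // NUL bytes truncate paths in the underlying C calls; reject them first.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so a link inside the base
    // that points outside it is caught as well.
    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false) {
        return null; // target does not exist: nothing to read or delete
    }
    // Containment check with a trailing separator so that a base of
    // "/srv/app" does not accept "/srv/app-backup/secret".
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if ($candidate !== $baseReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

function read_managed_file(string $base, string $userPath): ?string
{
    $path = resolve_inside($base, $userPath);
    if ($path === null || !is_file($path)) {
        return null;
    }
    $data = file_get_contents($path);
    return $data === false ? null : $data;
}

function delete_managed_file(string $base, string $userPath): bool
{
    $path = resolve_inside($base, $userPath);
    if ($path === null || !is_file($path)) {
        return false;
    }
    return unlink($path);
}

// Self-checking demonstration on a constructed temporary layout:
//   <tmp>/base/inside.txt   (reachable)
//   <tmp>/outside.txt       (must not be reachable)
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'traversal-demo-' . bin2hex(random_bytes(4));
mkdir($tmp . DIRECTORY_SEPARATOR . 'base', 0700, true);
file_put_contents($tmp . '/base/inside.txt', 'public');
file_put_contents($tmp . '/outside.txt', 'secret');
$base = $tmp . '/base';

if (read_managed_file($base, 'inside.txt') !== 'public') {
    throw new RuntimeException('legitimate read inside the base was refused');
}
if (read_managed_file($base, '../outside.txt') !== null) {
    throw new RuntimeException('traversal read was not blocked');
}
if (delete_managed_file($base, '../outside.txt') || !file_exists($tmp . '/outside.txt')) {
    throw new RuntimeException('traversal delete was not blocked');
}

// Clean up the constructed layout.
unlink($tmp . '/base/inside.txt');
unlink($tmp . '/outside.txt');
rmdir($base);
rmdir($tmp);
```

The prefix comparison is done on the output of `realpath()` for both sides, never on the raw input: string checks such as rejecting `..` miss encoded variants and symlinks, while comparing canonical paths does not. Because `realpath()` returns `false` for paths that do not exist, a deletion or read of a non-existent file is refused before any filesystem operation.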

PivotX 2.3.11: Code Execution
2016 Mar 15

PivotX 2.3.11 is vulnerable to code execution by authenticated users because it does not check the extension of files when renaming them.

BigTree 4.2.8: Object Injection & Improper Filename Sanitation
2016 Mar 15

BigTree 4.2.8 is vulnerable to object injection. The impact on the CMS itself is rather small, but installed plugins may increase the risk the vulnerability poses.  
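Why installed plugins matter for an object injection bug: `unserialize()` on attacker-controlled data instantiates whatever class the string names, and any class in the process with a `__wakeup()` or `__destruct()` method becomes a gadget. The block below is an added example, not BigTree code; `Logger` is a hypothetical gadget class standing in for any such plugin class, and the payload is constructed for the demonstration.

```php
<?php
// Added example (not BigTree code). Logger is a hypothetical gadget class:
// any class with __wakeup() or __destruct() reachable in the process, for
// instance one shipped by a plugin, plays the same role.

class Logger
{
    public string $logFile = '/tmp/app.log';
    public string $message = '';

    // Invoked by unserialize() with attacker-chosen property values.
    public function __wakeup(): void
    {
        file_put_contents($this->logFile, $this->message, FILE_APPEND);
    }
}

// Unsafe: whatever class name the string names gets instantiated and its
// magic methods run before the application ever looks at the result.
function load_prefs_unsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened: allowed_classes => false (PHP >= 7.0) turns every object into
// __PHP_Incomplete_Class, so nothing is instantiated and no __wakeup() or
// __destruct() runs. Preferences are expected to be a plain array, so any
// other result is rejected outright.
function load_prefs_safe(string $raw): ?array
{
    $value = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Constructed attacker payload, e.g. delivered in a cookie or POST field.
$target  = sys_get_temp_dir() . '/object-injection-demo.txt';
$payload = sprintf('O:6:"Logger":2:{s:7:"logFile";s:%d:"%s";s:7:"message";s:5:"pwned";}',
                   strlen($target), $target);

@unlink($target);
if (load_prefs_safe($payload) !== null || file_exists($target)) {
    throw new RuntimeException('hardened path accepted an object or ran the gadget');
}

load_prefs_unsafe($payload);
if (!file_exists($target)) {
    throw new RuntimeException('expected the unsafe path to trigger __wakeup()');
}
@unlink($target);
```

When the serialised format is under the application's own control, the stronger fix is to drop `unserialize()` for user-reachable data altogether and use `json_decode()`, which cannot produce objects of application classes at all. The `allowed_classes` option is the right tool where the PHP serialisation format must be kept for compatibility.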

Opendocman 1.3.4: HTML Injection
2016 Feb 01

There are various HTML injection vulnerabilities in Opendocman 1.3.4, leading to XSS, phishing, and privilege escalation.

Opendocman 1.3.4: CSRF
2016 Feb 01

Opendocman 1.3.4 does not have CSRF protection, allowing an attacker to execute actions on behalf of a victim, for example adding a new admin user.

Atutor 2.2: XSS
2016 Feb 01

There are various XSS vulnerabilities in Atutor 2.2.  

Bigace 3.0: SQL Injection
2016 Jan 28

There is an SQL injection in Bigace 3.0. A user account with the lowest privilege level is required.

Bigace 3.0: Code Execution
2016 Jan 28

Bigace 3.0 allows the upload of media files but performs no verification of them, allowing editors and administrators to upload PHP files.
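Both the Bigace upload issue and the PivotX rename issue above come down to the same missing control: a filename policy that is enforced on every path by which a file can acquire its name. The following is an added example written for this page, not PivotX or Bigace code; the media directory, the allowlists and the function names are hypothetical. The same `safe_media_name()` gate is applied to the upload and to the rename target, and the check at the end runs over constructed names.

```php
<?php
// Added example (not PivotX or Bigace code): one filename policy applied on
// upload *and* on rename. The media directory and the allowlists are
// hypothetical values for the demonstration.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// Names that common server configurations hand to the PHP interpreter. They
// are banned at any position, because Apache with AddHandler (and some
// mod_php setups) will execute "shell.php.jpg".
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'phps', 'pht'];

function safe_media_name(string $name): ?string
{
    if (strpos($name, "\0") !== false) {
        return null;                               // NUL byte truncation tricks
    }
    $name = basename($name);                       // drop any directory component
    if ($name === '' || $name[0] === '.') {
        return null;                               // dotfiles such as .htaccess or .user.ini
    }
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2) {
        return null;                               // no extension at all
    }
    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;                               // allowlist, never a denylist, for the final extension
    }
    foreach ($parts as $piece) {
        if (in_array($piece, EXECUTABLE_EXTENSIONS, true)) {
            return null;                           // double extension such as shell.php.jpg
        }
    }
    return $name;
}

// The rename handler re-validates the *target* name: this is exactly the
// check that a rename-based bypass relies on being absent.
function rename_media(string $mediaDir, string $from, string $to): bool
{
    $src = safe_media_name($from);
    $dst = safe_media_name($to);
    if ($src === null || $dst === null) {
        return false;
    }
    return rename($mediaDir . '/' . $src, $mediaDir . '/' . $dst);
}

// Upload handler: name policy plus a content check, since the extension is a
// property of the name, not of the bytes. $file is one entry of $_FILES.
function store_upload(string $mediaDir, array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = safe_media_name($file['name']);
    if ($name === null) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif', 'application/pdf'], true)) {
        return null;
    }
    return move_uploaded_file($file['tmp_name'], $mediaDir . '/' . $name) ? $name : null;
}

// Policy check on constructed names.
$cases = [
    'photo.jpg'        => true,
    'report.PDF'       => true,   // case-insensitive allowlist
    'shell.php'        => false,
    'shell.phtml'      => false,
    'shell.php.jpg'    => false,  // double extension
    '.htaccess'        => false,
    "shell.php\0.jpg"  => false,  // NUL byte
    '../../shell.jpg'  => true,   // directory part is stripped, not rejected
    'noextension'      => false,
];
foreach ($cases as $name => $shouldPass) {
    $ok = safe_media_name($name) !== null;
    if ($ok !== $shouldPass) {
        throw new RuntimeException('policy mismatch for ' . addcslashes($name, "\0"));
    }
}
```

Two design points are worth noting. The final extension is checked against an allowlist rather than a denylist of PHP extensions, because the set of extensions a given web server will execute is configuration-dependent. And storing uploads outside the web root, or in a directory where script execution is disabled at the server level, remains the backstop for anything the filename policy misses.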

DYNPG 4.6: XSS
2016 Jan 28

There are multiple XSS vulnerabilities in DYNPG 4.6.  

DYNPG 4.6: CSRF
2016 Jan 28

DYNPG 4.6 does not have CSRF protection, allowing an attacker to execute actions on behalf of a victim, for example adding a new admin user. In this case it may lead to code execution, because the new account can upload PHP files.
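The missing control in both the Opendocman and the DYNPG advisories is a per-session anti-CSRF token on state-changing requests such as "add user". The block below is an added example written for this page, not Opendocman or DYNPG code; the field, function and handler names are hypothetical, and the check at the end exercises the validation logic against constructed request data so it runs without a real session.

```php
<?php
// Added example (not Opendocman or DYNPG code): synchronizer-token CSRF
// protection for a state-changing form such as "add admin user".
// Function, field and handler names are hypothetical.

// Returns the session's token, minting one on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // CSPRNG, 256 bits
    }
    return $session['csrf_token'];
}

// Emit inside every form that changes state.
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

// True only if the submitted token matches the session's token.
// hash_equals() is constant-time, and the is_string() guards reject arrays
// or other non-string values that request parsing may produce.
function csrf_valid(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? null;
    $expected = $session['csrf_token'] ?? null;
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);
}

// Hypothetical request handler for the "add user" action.
function add_user_handler(): void
{
    // Defence in depth: a SameSite session cookie stops most cross-site POSTs
    // before the token is even checked (options-array form needs PHP >= 7.3).
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();

    // State changes only over POST; a GET with query parameters is never honoured.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('invalid or missing CSRF token');
    }
    // ... create the user from the validated form fields ...
}

// Policy check on constructed request data (no real session required).
$session = [];
$token = csrf_token($session);
if (!csrf_valid(['csrf_token' => $token], $session)) {
    throw new RuntimeException('legitimate form submission was rejected');
}
// An attacker's auto-submitting form cannot read the victim's token, so it
// either omits the field or guesses it.
if (csrf_valid([], $session) || csrf_valid(['csrf_token' => str_repeat('0', 64)], $session)) {
    throw new RuntimeException('forged submission was accepted');
}
if (csrf_valid(['csrf_token' => ['x']], $session)) {
    throw new RuntimeException('non-string token was accepted');
}
```

The token is bound to the session, so it is useless to an attacker who cannot read the victim's pages, and it is compared with `hash_equals()` so that a byte-by-byte early-exit comparison does not leak it. Requiring POST for state changes matters on its own: a CSRF-by-GET can be delivered through a plain `<img>` tag, with no form submission at all.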