Recent Curesec Publications

Grawlix 1.0.3: CSRF
2015 Dec 21

Grawlix 1.0.3 has no CSRF protection, so an attacker who gets a logged-in victim to load a crafted page can perform state-changing actions in the victim's session, for example changing the password of an admin user.  
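
The check that is missing, as an added example (this is not Grawlix code): a synchronizer token bound to the session, issued into every state-changing form and verified before the handler touches state. The route, field and function names are assumptions. The attack the advisory describes is simply a page on another origin containing an auto-submitting form whose action points at the admin password-change URL; the browser attaches the admin's session cookie, and without the token the handler below cannot tell that request from a legitimate one.

```php
<?php
// Added example, not Grawlix code: synchronizer-token CSRF protection for an
// admin password-change form. Route, field and function names are assumptions.
declare(strict_types=1);

// Issue (once per session) the token that every state-changing form must carry.
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf_token'];
}

// Verify the token submitted with a POST against the one bound to the session.
function csrf_check(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || $submitted === null || $submitted === '') {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time, rejects length mismatch
}

// Vulnerable shape (what the advisory describes): the handler trusts any POST
// that arrives with the admin's session cookie, wherever the form came from.
function change_password_unprotected(array $post): string
{
    // update_password($post['new_password']);  // a cross-site form post reaches here
    return 'password changed';
}

// Hardened shape: reject the request before touching any state.
function change_password(array $post): string
{
    if (!csrf_check($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return 'rejected: missing or invalid CSRF token';
    }
    // update_password($post['new_password']);
    return 'password changed';
}

// The form must embed the token; escape it even though it is hex.
function render_password_form(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/admin/password">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input type="password" name="current_password">'
         . '<input type="password" name="new_password">'
         . '<button type="submit">Change</button>'
         . '</form>';
}
```

Two practitioner notes: requiring the current password on this particular form defeats CSRF for the password change on its own, but the token is what protects every other admin action; and setting the session cookie with `SameSite=Lax` (via `session_set_cookie_params(['samesite' => 'Lax'])`, PHP 7.3+) is worthwhile defense in depth, not a replacement for the token.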

Grawlix 1.0.3: Code Execution
2015 Dec 21

Grawlix 1.0.3 does not check the file type or extension when an admin uploads an icon, so an authenticated admin can upload a server-side script in place of an image and execute code on the host.  

CouchCMS 1.4.5: XSS & Open Redirect
2015 Dec 21

There are two reflected XSS vulnerabilities and one open redirect in CouchCMS 1.4.5.  

CouchCMS 1.4.5: Code Execution
2015 Dec 21

The upload file extension whitelist of CouchCMS 1.4.5 does not include pht. On servers where the PHP handler is also mapped to .pht (as in some Debian/Ubuntu Apache mod_php configurations, whose FilesMatch pattern covers .pht and .phtml alongside .php), an uploaded .pht file is executed as PHP, leading to code execution.  
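
Both upload issues on this page (Grawlix checking nothing, CouchCMS checking against an allowlist with a gap) come down to the same check. The following is an added example, not Grawlix or CouchCMS code, of how an icon upload handler can validate by extension allowlist, additionally refuse every extension that common PHP handler configurations execute, verify the content's magic bytes, and store the file under a server-generated name. Constant names, the allowed set and the upload directory are assumptions.

```php
<?php
// Added example, not Grawlix or CouchCMS code: validating an icon upload by
// extension allowlist plus a deny-list of extensions the web server may run
// as PHP, then storing under a server-generated name. Names are assumptions.
declare(strict_types=1);

// What the application actually wants for an icon (assumed set).
const ICON_ALLOWED_EXT  = ['png', 'gif', 'jpg', 'jpeg'];
const ICON_ALLOWED_MIME = ['image/png', 'image/gif', 'image/jpeg'];

// Extensions that common Apache/PHP handler configurations map to the PHP
// interpreter. Debian/Ubuntu's mod_php FilesMatch covered .ph(p[345]?|t|tml),
// i.e. .pht and .phtml as well as .php; the CouchCMS whitelist gap is exactly
// this class of "looks harmless, still executes" extension.
const PHP_EXECUTABLE_EXT = ['php', 'php3', 'php4', 'php5', 'php7', 'php8',
                            'phtml', 'pht', 'phar', 'phps'];

// Return the vetted extension, or null if the client-supplied name is unacceptable.
function accepted_icon_extension(string $clientName): ?string
{
    $name = strtolower(basename($clientName));
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $parts = explode('.', $name);
    if (count($parts) < 2) {
        return null; // no extension at all
    }
    $ext = array_pop($parts);
    // Deny any segment a handler might honour, not just the last one:
    // "shell.php.png" is executed as PHP by AddHandler-style configs.
    foreach (array_merge($parts, [$ext]) as $segment) {
        if (in_array($segment, PHP_EXECUTABLE_EXT, true)) {
            return null;
        }
    }
    // Allowlist last: an extension check alone (Grawlix had none, CouchCMS's
    // missed pht) is not enough by itself.
    return in_array($ext, ICON_ALLOWED_EXT, true) ? $ext : null;
}

// Check the content, not just the name: finfo reads the magic bytes.
function icon_content_ok(string $tmpPath): bool
{
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $tmpPath);
    finfo_close($finfo);
    return in_array($mime, ICON_ALLOWED_MIME, true);
}

// Full handler: returns the stored path or null. $file is one $_FILES entry.
function store_icon(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $ext = accepted_icon_extension($file['name'] ?? '');
    if ($ext === null || !icon_content_ok($file['tmp_name'])) {
        return null;
    }
    // Never keep the client-supplied name; generate one with the vetted extension.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}
```

The "certain circumstances" in the advisory are the server's handler mapping, which the application cannot see. The checks above only limit what gets stored; the upload directory should additionally be kept outside the document root or served with the PHP engine disabled for that directory (`php_admin_flag engine off` under mod_php, or no PHP location block for it under nginx/FPM), so that a gap in the list costs nothing.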

esoTalk 1.0.0g4: XSS
2015 Dec 21

There is a reflected XSS vulnerability in the search function of esoTalk 1.0.0g4.  

4images 1.7.12: XSS
2015 Dec 02

There are multiple XSS vulnerabilities in 4images 1.7.12.  

4images 1.7.11: SQL Injection
2015 Dec 02

There is an SQL Injection vulnerability in the admin area of 4images 1.7.11.  

4images 1.7.11: Path Traversal
2015 Dec 02

There is a path traversal vulnerability in the admin area of 4images 1.7.11 which allows an admin to read arbitrary files from the server's filesystem.  
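
The containment check that such a file-reading function needs, as an added example (not 4images code): resolve the user-supplied name relative to the intended directory with realpath(), then require that the canonical result is inside that directory, including the separator in the prefix comparison. Directory and parameter names are assumptions.

```php
<?php
// Added example, not 4images code: confining an admin-supplied file name to a
// base directory before reading it. Directory and parameter names are assumptions.
declare(strict_types=1);

// Resolve $userPath relative to $baseDir and return the canonical path only if
// it stays inside $baseDir; null otherwise.
function resolve_inside(string $baseDir, string $userPath): ?string
{
    // realpath() in PHP 8 throws ValueError on NUL bytes; older versions
    // silently truncated, which is how "x.php\0.txt" got past suffix checks.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so "../../etc/passwd"
    // resolves to its real target and can be compared against $base.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null; // does not exist (realpath only resolves existing paths)
    }
    // The prefix must include the separator: for base "/srv/app/data",
    // "/srv/app/data_backup/x" shares the string prefix but is not inside it.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($target !== $base && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Vulnerable shape (what the advisory describes): the name is concatenated in.
function read_file_unprotected(string $baseDir, string $userPath)
{
    return file_get_contents($baseDir . '/' . $userPath); // "../../../etc/passwd" works
}

// Hardened shape: only regular files inside the base directory are readable.
function read_file_confined(string $baseDir, string $userPath): ?string
{
    $path = resolve_inside($baseDir, $userPath);
    if ($path === null || !is_file($path)) {
        return null;
    }
    $data = file_get_contents($path);
    return $data === false ? null : $data;
}
```

Because realpath() follows symlinks, a link inside the base directory that points outside it is rejected as well, which is usually what is wanted for a read. For a write, where the target may not exist yet, apply the same comparison to the realpath() of the target's parent directory instead.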

4images 1.7.11: Code Execution Exploit
2015 Dec 02

  

4images 1.7.11: Code Execution
2015 Dec 02

There is a code execution vulnerability in the admin area of 4images 1.7.11.