Recent Curesec Publications

appRain 4.0.3: CSRF
2015 Dec 02

None of the forms of appRain 4.0.3 have CSRF protection.  

appRain 4.0.3: Code Execution
2015 Dec 02

AlegroCart 1.2.8: SQL Injection
2015 Nov 13

There is an SQL Injection vulnerability in the admin area of AlegroCart 1.2.8.  

AlegroCart 1.2.8: LFI/RFI
2015 Nov 13

There is an LFI/RFI vulnerability in the admin area of AlegroCart 1.2.8.  

LiteCart 1.3.2: Multiple XSS
2015 Nov 13

There are multiple XSS vulnerabilities in LiteCart 1.3.2.  

ClipperCMS 1.3.0: XSS
2015 Nov 13

There are multiple XSS vulnerabilities in ClipperCMS 1.3.0.  

ClipperCMS 1.3.0: SQL Injection
2015 Nov 13

There are multiple SQL Injection vulnerabilities in ClipperCMS 1.3.0.  

ClipperCMS 1.3.0: Path Traversal
2015 Nov 13

There is a Path Traversal vulnerability in ClipperCMS 1.3.0.  

ClipperCMS 1.3.0: CSRF
2015 Nov 13

The only CSRF protection in ClipperCMS 1.3.0 is a referer check, which can be disabled by an admin.  

ClipperCMS 1.3.0: Code Execution Exploit
2015 Nov 13
