Recent Curesec Publications

SQL Buddy 1.3.3: CSRF
2015 Oct 07

The CSRF protection in SQL Buddy 1.3.3 does not work properly. This issue has not been fixed.

Installing Pulledpork for Snort
2015 Oct 07

In this article we will download, configure and install Pulledpork, and also create a cron job for automatic rule updates while you attend to more important things in your life.

Pligg CMS 2.0.2: Multiple SQL Injections
2015 Oct 07

There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.   

Pligg CMS 2.0.2: Directory Traversal
2015 Oct 07

There is a Directory Traversal vulnerability in the admin area of Pligg CMS 2.0.2. This issue has not been fixed.   

Pligg CMS 2.0.2: Code Execution and CSRF
2015 Oct 07

There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.   

Installing Snort and Barnyard2
2015 Oct 05

How to install Snort and Barnyard2 on Debian and Arch Linux.

ZeusCart 4.0: CSRF
2015 Sep 14

ZeusCart 4.0 does not have CSRF protection. As a result it is possible, for example, to add additional admin accounts. This issue has not been fixed.

ZeusCart 4.0: Code Execution
2015 Sep 14

There is an arbitrary file upload vulnerability in the admin area of ZeusCart 4.0. This issue has not been fixed.  

ZeusCart 4.0: SQL Injection
2015 Sep 14

There are multiple SQL Injection vulnerabilities in ZeusCart 4.0. This issue has not been fixed.   

ZeusCart 4.0: XSS
2015 Sep 14

There is an XSS vulnerability in ZeusCart 4.0. This issue has not been fixed.