Recent Curesec Publications

Zen Cart 1.5.4: Code Execution and Information Leak
2015 Sep 14

There is an arbitrary file upload vulnerability in the admin area of Zen Cart 1.5.4 as well as an information leak. This issue has only been partially fixed.

Anchor CMS 0.9.2: XSS
2015 Sep 14

There is an XSS vulnerability in Anchor CMS 0.9.2. The issue is not yet fixed.

Serendipity 2.0.1: Blind SQL Injection
2015 Sep 01

There is a Blind SQL Injection vulnerability in the admin area of Serendipity 2.0.1.

Serendipity 2.0.1: Persistent XSS
2015 Sep 01

There is a Persistent XSS vulnerability in Serendipity 2.0.1 when using the default 2k11 theme. It requires a click to trigger.

Serendipity 2.0.1: Code Execution
2015 Sep 01

There is a code execution vulnerability in Serendipity 2.0.1. It requires a registered user to exploit.

NibbleBlog 4.0.3: Code Execution
2015 Sep 01

There is a Code Execution vulnerability in the admin area of NibbleBlog 4.0.3. The issue is not yet fixed.

NibbleBlog 4.0.3: CSRF
2015 Sep 01

There is a CSRF vulnerability in NibbleBlog 4.0.3 which can lead to the creation of new posts and thus XSS. The issue is not yet fixed.

Phorum 5.2.19: Reflected XSS (IIS only) and Open Redirect
2015 Aug 17

When running on IIS, Phorum 5.2.19 is open to cross-site scripting. Additionally, there is an open redirect vulnerability that is not restricted to any operating system.

Bolt 2.2.4: Code Execution
2015 Aug 17

The file editor of the admin area of Bolt 2.2.4 allows for the editing of file extensions, which leads to code execution once an attacker has gained admin credentials.

ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability
2015 Aug 17

There is an XSS vulnerability in version 2.3.5 of ModX. As of now, this issue has not been fixed.