Recent Curesec Publications

CodoForum 3.3.1: Multiple SQL Injection Vulnerabilities
2015 Aug 07

There are two SQL injection vulnerabilities in CodoForum, one of which does not require the attacker to be authenticated.  

CodoForum 3.3.1: Multiple Cross Site Scripting Vulnerabilities
2015 Aug 07

There are multiple reflected cross site scripting vulnerabilities in version 3.3.1 of CodoForum.  

BigTree CMS 4.2.3: Multiple SQL Injection Vulnerabilities
2015 Aug 07

There are multiple SQL injection vulnerabilities in the admin area of version 4.2.3 of the BigTree CMS.  

BigTree CMS 4.2.3: Multiple Cross Site Scripting Vulnerabilities
2015 Aug 07

There are multiple reflected cross site scripting vulnerabilities in version 4.2.3 of BigTree CMS.  

CVE-2014-N/A com.android.contacts
2014 Jul 04

This bug is similar to CVE-2013-6272 but is only exploitable on older Android versions. The bug exists in the component com.android.contacts.  

CVE-2013-6272 com.android.phone
2014 Jul 04


We conducted a deep investigation of Android components, created some CVEs and reported bugs to the Android Security Team in late 2013. Today we want to publish one reported and one similar vulnerability.  

Heartbleed analysis daemon published
2014 May 02

The Heartbleed bug is a programming error in versions 1.0.1 to 1.0.1f of the open-source OpenSSL cryptography library. Curesec has published hbad, a Heartbleed client-side tool to check for this critical security gap.  

2014 Apr 09

"Heartbleed" security checkup

Two days ago a critical security gap in one of the most common encryption protocols (SSL), named "Heartbleed", was published. We offer a free checkup to our clients!  

Nsdtool published
2014 Mar 05

Nsdtool is a toolset of scripts used to detect Netgear switches in local networks.  

CVE-2013-6224: Cross Site Scripting in LiveZilla
2013 Dec 05

Various components of the LiveZilla application are vulnerable to cross site scripting. An attacker can hijack an operator with cross site scripting.