Recent Curesec Publications

Arastta 1.1.5: XSS
2015 Dec 21

There is a reflected XSS vulnerability in Arastta 1.1.5.  

Arastta 1.1.5: SQL Injection
2015 Dec 21

There are two SQL Injection vulnerabilities in Arastta 1.1.5, both of which require a user with special privileges to trigger.

Grawlix 1.0.3: XSS
2015 Dec 21

Grawlix 1.0.3 has multiple reflected XSS vulnerabilities.  

Grawlix 1.0.3: CSRF
2015 Dec 21

Grawlix 1.0.3 has no CSRF protection, allowing an attacker to execute actions on behalf of a victim, for example changing the password of an admin user.
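The usual fix for this class of issue is a synchronizer token: a secret bound to the victim's session that a cross-site form cannot know. The following is an added example of that check for a password-change form, not code from Grawlix or from the advisory; it assumes PHP 7.1 or later and that the application uses PHP sessions, and the `change_password()` call it gates is hypothetical.

```php
<?php
// Added example (not Grawlix code): synchronizer-token CSRF protection for a
// password-change form. Assumes PHP >= 7.1 (random_bytes, hash_equals,
// nullable types) and PHP sessions.

declare(strict_types=1);

// Returns the per-session CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 random bytes -> 64 hex characters; unpredictable and per session.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validates the token submitted with a state-changing request.
// hash_equals() compares in constant time, so a wrong token cannot be
// corrected byte by byte through timing differences.
function csrf_check(?string $submitted): bool
{
    if (!isset($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Emits the hidden field that every state-changing form must carry.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject before touching any state: a forged cross-site POST cannot carry
    // the victim's token, because the attacker can neither read the victim's
    // session nor the page that embeds the token.
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Hypothetical application function; only reached with a valid token.
    // change_password($_SESSION['user_id'], $_POST['new_password']);
}
?>
<form method="post" action="">
  <?= csrf_field() ?>
  <input type="password" name="new_password">
  <button type="submit">Change password</button>
</form>
```

The token must be checked on every request that changes state (POST, PUT, DELETE and any GET the application abuses for that purpose), and the password-change form should additionally require the current password, which a CSRF attacker does not have.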

Grawlix 1.0.3: Code Execution
2015 Dec 21

Grawlix 1.0.3 does not check the file type or extension when an admin uploads an icon, leading to code execution.  

CouchCMS 1.4.5: XSS & Open Redirect
2015 Dec 21

There are two reflected XSS and one open redirect vulnerability in CouchCMS 1.4.5.  

CouchCMS 1.4.5: Code Execution
2015 Dec 21

The file extension blacklist of CouchCMS 1.4.5 misses .pht, which may lead to code execution under certain circumstances (some Apache + mod_php configurations map .pht and .phtml to the PHP handler, so an uploaded .pht file is executed like .php).
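Both the Grawlix icon upload (no type or extension check at all) and the CouchCMS blacklist that forgot one executable extension fail the same way, and the fix is the same: decide by an allowlist of the few extensions an upload may legitimately have, check the file content as well, and never store under the client-supplied name. The following is an added example of such a check for an icon upload, not code from either project or from the advisories; it assumes PHP 7.1 or later with the fileinfo extension, and the `icons` directory is hypothetical.

```php
<?php
// Added example (not Grawlix or CouchCMS code): validating an uploaded icon with
// an extension allowlist plus content checks. Assumes PHP >= 7.1 with the
// fileinfo extension; the icons directory is a hypothetical location that the
// web server must not execute scripts from.

declare(strict_types=1);

// The only types an icon may have, with the MIME type the bytes must report.
// An allowlist avoids the blacklist failure mode in which a single executable
// extension (pht, phtml, phar, php5, ...) is forgotten.
const ICON_EXTENSIONS = [
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
];

// Returns the server-chosen file name to store under, or null to refuse.
function validate_icon_upload(string $clientName, string $tmpPath, int $size): ?string
{
    if ($size <= 0 || $size > 512 * 1024) {
        return null;                       // empty or implausibly large for an icon
    }

    // Use only the base name and split on the LAST dot: "x.php.png" is judged
    // by "png" (allowed, and served as an image), "x.png.pht" by "pht" (refused).
    $base = basename($clientName);
    $dot  = strrpos($base, '.');
    if ($dot === false) {
        return null;
    }
    $ext = strtolower(substr($base, $dot + 1));
    if (!isset(ICON_EXTENSIONS[$ext])) {
        return null;
    }

    // Check the bytes, not just the name: a PHP script renamed to .png is not
    // an image. Both checks can be fooled by an image/PHP polyglot, which is
    // why the storage directory must not be script-executable.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== ICON_EXTENSIONS[$ext]) {
        return null;
    }
    if (@getimagesize($tmpPath) === false) {
        return null;
    }

    // Never reuse the client-supplied name; generate one the client cannot choose.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['icon'])) {
    $f = $_FILES['icon'];
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        http_response_code(400);
        exit('Upload failed');
    }
    $name = validate_icon_upload((string) $f['name'], (string) $f['tmp_name'], (int) $f['size']);
    if ($name === null) {
        http_response_code(400);
        exit('Only PNG, GIF or JPEG icons are accepted');
    }
    $uploadDir = __DIR__ . '/icons';       // hypothetical; keep PHP execution off here
    if (!move_uploaded_file($f['tmp_name'], $uploadDir . '/' . $name)) {
        http_response_code(500);
        exit('Could not store icon');
    }
}
```

The extension check is necessary but not sufficient: store uploads in a directory where the server does not run PHP at all (for Apache with mod_php, `php_admin_flag engine off` in that directory's configuration; for nginx, a `location` for the upload path that has no fastcgi pass), so that a forgotten extension or a polyglot image cannot become code execution.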

esoTalk 1.0.0g4: XSS
2015 Dec 21

There is a reflected XSS vulnerability in the search of esoTalk 1.0.0g4.  

4images 1.7.12: XSS
2015 Dec 02

There are multiple XSS vulnerabilities in 4images 1.7.12.  

4images 1.7.11: SQL Injection
2015 Dec 02

There is an SQL Injection vulnerability in the admin area of 4images 1.7.11.