Recent Curesec Publications

4images 1.7.11: Path Traversal
2015 Dec 02

There is a Path Traversal vulnerability in the admin area of 4images 1.7.11 which allows the reading of arbitrary files.  

4images 1.7.11: Code Execution Exploit
2015 Dec 02

4images 1.7.11: Code Execution
2015 Dec 02

There is a code execution vulnerability in the admin area of 4images 1.7.11.  

CodoForum 3.4: XSS
2015 Dec 02

There is an XSS vulnerability in CodoForum 3.4.  

phpwcms 1.7.9: CSRF
2015 Dec 02

There is a CSRF vulnerability in phpwcms 1.7.9.  

phpwcms 1.7.9: Code Execution
2015 Dec 02

There are two Code Execution vulnerabilities in phpwcms 1.7.9. A registered user is required to exploit these issues.  

Geeklog 2.1.0: XSS
2015 Dec 02

There is a reflected XSS vulnerability in the installation script of Geeklog 2.1.0.  

Geeklog 2.1.0: Code Execution Exploit
2015 Dec 02

Geeklog 2.1.0: Code Execution
2015 Dec 02

There are two code execution vulnerabilities in the admin area of Geeklog 2.1.0.

redaxscript 2.5.0: XSS
2015 Dec 02

There is a persistent XSS vulnerability in redaxscript 2.5.0. It requires the victim to hover over a link to trigger.