Recent Curesec Publications

ClipperCMS 1.3.0: Path Traversal
2015 Nov 13

There is a Path Traversal vulnerability in ClipperCMS 1.3.0.

ClipperCMS 1.3.0: CSRF
2015 Nov 13

The only CSRF protection in ClipperCMS 1.3.0 is a referer check, which can be disabled by an admin.

ClipperCMS 1.3.0: Code Execution Exploit
2015 Nov 13


ClipperCMS 1.3.0: Code Execution
2015 Nov 13

There is a Code Execution vulnerability in ClipperCMS 1.3.0.

dotclear 2.8.1: XSS
2015 Nov 13

There is a persistent XSS vulnerability in dotclear 2.8.1.  

dotclear 2.8.1: Code Execution
2015 Nov 13

There is a Code Execution vulnerability in dotclear 2.8.1.  

Open Source Social Network 3.5: XSS
2015 Nov 13

There are two reflected XSS vulnerabilities in Open Source Social Network 3.5.  

Sitemagic CMS 4.1: XSS
2015 Nov 13

There is a reflected XSS vulnerability in Sitemagic CMS 4.1.  

Thelia 2.2.1: XSS
2015 Nov 13

There is a reflected XSS vulnerability in Thelia 2.2.1.  

TomatoCart v1.1.8.6.1: XSS
2015 Nov 13

There are two XSS vulnerabilities in TomatoCart v1.1.8.6.1.