Articles for tag "Vulnerability": 126
2017 Apr 13
The web interface of the VDSL Client Modem ALL-BM100VDSL2 is vulnerable to reflected as well as persistent XSS. A privileged user account is required to exploit the persistent XSS vulnerability but this can be bypassed via CSRF.
2017 Apr 13
The web interface of the VDSL Client Modem ALL-BM100VDSL2 is vulnerable to CSRF. Because of this it is possible to add a new admin user.
2017 Apr 13
The authentication of the web interface of the VDSL Client Modem ALL-BM100VDSL2 relies on local IP addresses and can thus be bypassed by an attacker with access to the local network as long as any user is currently authenticated. Additionally, the system contains an undocumented default user with a hardcoded password who has root access to the device.
2017 Mar 24
pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), the setup wizard is vulnerable to code execution. It should be noted that by default, only an administrator can access the setup wizard. By default, administrators have far-reaching permissions via the wizard and via other functionality. There are however some custom configurations where this vulnerability could lead to privilege escalation or undesired code execution.
2017 Mar 24
pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), it is vulnerable to reflected XSS. XSS can lead to disclosure of cookies, session tokens etc.
2017 Mar 24
pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), the actions of creating and deleting firewall rules are vulnerable to CSRF, enabling an Attacker to edit these rules with a little bit of social engineering.
2017 Mar 17
HumHub is a social media platform written in PHP. In version 0.20.1 as well as 1.0.0-beta.3, it is vulnerable to Code Execution as some functionality allows the uploading of PHP files. Successfull exploitation requires specific server settings. A user account is required as well, but registration is open by default.
2017 Mar 17
HumHub is a social media platform written in PHP. In version 1.0.1 and earlier, it is vulnerable to a reflected XSS attack if debugging is enabled, as well as a self-XSS attack. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.
2017 Feb 20
phplist is an application to manage newsletters, written in PHP. In version 3.2.6, it is vulnerable to reflected and persitent Cross Site Scripting vulnerabilities. The persistent XSS vulnerability is only exploitable by users with specific privileges and may be used for escalating privileges.
2017 Feb 20
phplist is an application to manage newsletters, written in PHP. In version 3.2.6, it is vulnerable to SQL injection. The application contains two SQL injections, one of which is in the administration area and one which requires no credentials. Additionally, at least one query is not properly protected against injections. Furthermore, a query in the administration area discloses some information on the password hashes of users.
2017 Feb 02
Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to multiple persistent as well as a reflected XSS issue. To exploit these vulnerabilities a user account is required most of the time but registration is open by default. XSS allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.
2017 Feb 02
Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to various low to medium impact issues, namely open redirect, host header injection, and the leakage of password hashes. Open redirect and host header injection can be used for phishing attacks. The leakage of password hashes is restricted to users with an admin account.
2017 Feb 02
Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to cross site request forgery. If a victim visits a website that contains specifically crafted code while logged into Elefant, an attacker can for example create a new admin account without the victims knowledge.
2017 Feb 02
Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to code execution because of two different vulnerabilities. It allows the upload of files with dangerous type, as well as PHP code injection. To exploit this a editor or admin account is required.
2017 Jan 26
Plone is an open source CMS written in python. In version 5.0.5, the Zope Management Interface (ZMI) component is vulnerable to reflected XSS as it does not properly encode double quotes.
2016 Nov 24
In this article we are going to have a closer look on a Smart Plug from TP-Link together with its control app. In the process of investigating the product, we reverse engineered the firmware and the app, managed to control the Smart Plug and steal login credentials.
2016 Nov 10
MyLittleForum is forum software written in PHP. In version 2.3.6.1, it is vulnerable to reflected cross site scripting as well as relative path overwrite. XSS can be used to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection, and RPO may lead to CSS injection.
2016 Nov 10
SPIP is a content management system written in PHP. In version 3.1, it is vulnerable to a persistent as well as reflected cross site scripting vulnerability as it allows users to enter URLs containing the JavaScript protocol, which an attacker can exploit to steal cookies, inject JavaScript keylogger, or bypass CSRF protection. Additionally, it contains a Host Header Injection which may lead to the leakage of password reset tokens and thus the compromisation of user accounts. Finally, the application discloses httpOnly cookies, making exploitation of XSS issues slightly easier.
2016 Nov 10
Mezzanine is an open source CMS written in python. In version 4.2.0, it is vulnerable to two persistent XSS attacks, one of which requires extended privileges, the other one does not. These issues allow an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.
2016 Nov 10
MyLittleForum is forum software written in PHP. In version 2.3.6.1, it is vulnerable to cross site request forgery. An attacker could exploit this issue to add new users or change the status of existing users to administrator if a victim visits a website containing a specifically crafted payload while logged into MyLittleForum.
2016 Nov 10
MoinMoin is an open source Wiki application written in python. In version 1.9.8, it is vulnerable to two persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.
2016 Nov 10
Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to multiple SQL injections. The injections require a user account with elevated privileges.
2016 Nov 10
Lepton is a content management system written in PHP. In version 2.2.2, it contains various low to medium impact issues. The functionality that operates on files and folders is vulnerable to CSRF which may lead to XSS, the logout is vulnerable to Open Redirect, the in-build bruteforce protection can be easily bypassed, and passwords are hashed with md5 and send out via email in plaintext.
2016 Nov 10
Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to code execution as it is possible to upload files with dangerous type via the media manager.
2016 Nov 10
Jaws is a content management system written in PHP. In version 1.1.1, it is vulnerable to code execution as it allows the upload of files with a dangerous type. An account with extended privileges is required.
2016 Nov 10
FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to multiple persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection. Additionally, FUDforum is vulnerable to Login-CSRF.
2016 Nov 10
Jaws is a content management system written in PHP. In version 1.1.1, it is vulnerable to various low to medium impact issues. It contains an Object Injection, which does not seem to be currently exploitable without custom changes made by users; its session cookies are not set to httpOnly, which may make it easier to exploit XSS issues; and it contains an Open Redirect issue.
2016 Nov 10
FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the webuser has access to.
Admin credentials are required.
2016 Sep 15
Peel Shopping is ecommerce software written in PHP. In version 8.0.2, it is vulnerable to Object Injection.
Peel Shopping stores a PHP object in a cookie, which is then unserialized when received by the application. An attacker can send arbitrary PHP objects, and has thus a limited influence on the control flow of the application. This can for example lead to DOS attacks by creating an infinite loop.
2016 Sep 15
Kajona is an open source CMS written in PHP. In version 4.7, it is vulnerable to multiple XSS attacks and limited directory traveral.
The XSS vulnerabilities are reflected as well as persistent, and can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection.
The directory travseral issue gives information about which files exist on a system, and thus allows an attacker to gather information about a system.
2016 Sep 15
MyBB 1.8.6 is vulnerable to login CSRF. Additionally, it stores passwords using weak hashing, and sends passwords via email in plaintext.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it contains various XSS vulnerabilities, some of which are reflected and some of which are persistent. Some of them depend on custom forum or server settings.
These issues may lead to the injection of JavaScript keyloggers, injection of content such as ads, or the bypassing of CSRF protection, which would for example allow the creation of a new admin user.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it is vulnerable to a second order SQL injection by an authenticated admin user, allowing the extraction of data from the database.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it improperly validates templates that are passed to eval, allowing for the disclosure of the database password. If the database is writable from remote, it may also lead to code execution.
An admin account is required.
2016 Sep 15
Oxwall is a social networking software written in PHP. In version 1.8.0, it is vulnerable to multiple XSS attacks and a persistent open redirect.
The XSS vulnerabilities are reflected as well as persistent, and can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection.
2016 Mar 15
Zenphoto is vulnerable to remote file inclusion. An admin account is required.
2016 Mar 15
PivotX is vulnerable to reflected XSS.
2016 Mar 15
PivotX is vulnerable to Directory Traversal, allowing authenticated users to read and delete files outside of the PivotX directory.
2016 Mar 15
PivotX is vulnerable to code execution by authenticated users as it does not check the extension of files when renaming them.
2016 Mar 15
BigTree 4.2.8 is vulnerable to object injection. The impact on the CMS itself is rather small, but installed plugins may increase the risk the vulnerability poses.
2016 Feb 01
There are various HTML Injection vulnerabilities in opendocman 1.3.4, leading to XSS, Phishing, and Privilege Escalation.
2016 Feb 01
Opendocman 1.3.4 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user.
2016 Feb 01
There are various XSS vulnerabilities in Atutor 2.2.
2016 Jan 28
There is an SQL injection in Bigace. A user account with the lowest privilege level is required.
2016 Jan 28
Bigace 3.0 allows the uploading of media file, but there is no verification, allowing the upload of PHP files by editors and administrators.
2016 Jan 28
There are multiple XSS vulnerabilities in DYNPG 4.6.
2016 Jan 28
DYNPG 4.6 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user. In this case, this may lead to code execution by allowing the upload of PHP files.
2016 Jan 28
There is a reflected XSS vulnerability in Wolf CMS v0.8.3.1.
2016 Jan 28
There is a code execution vulnerability in Wolf CMS v0.8.3.1. A user account with the Editor role is required.
2016 Jan 28
There are multiple XSS vulnerabilities in Xoops 2.5.7.1.
2016 Jan 28
There is a Blind SQL Injection vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue.
2016 Jan 28
There is a code execution vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue, but the request is not protected against CSRF.
2015 Dec 21
PhpSocial v2.0.0304 is vulnerable to persistent XSS.
2015 Dec 21
PhpSocial v2.0.0304 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user.
2015 Dec 21
There is a reflected XSS vulnerability in Arastta 1.1.5.
2015 Dec 21
There are two SQL Injections in Arastta 1.1.5, which both require a user with special privileges to trigger.
2015 Dec 21
Grawlix 1.0.3 has multiple reflected XSS vulnerabilities.
2015 Dec 21
Grawlix 1.0.3 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example changing the password of an admin user.
2015 Dec 21
Grawlix 1.0.3 does not check the file type or extension when an admin uploads an icon, leading to code execution.
2015 Dec 21
There are two reflected XSS and one open redirect vulnerability in CouchCMS 1.4.5.
2015 Dec 21
The file extension whitelist of CouchCMS 1.4.5 misses pht, which may lead to code execution under certain circumstances.
2015 Dec 21
There is a reflected XSS vulnerability in the search of esoTalk 1.0.0g4.
2015 Dec 02
There are multiple XSS vulnerabilities in 4images 1.7.12.
2015 Dec 02
There is an SQL Injection vulnerability in the admin area of 4images 1.7.11.
2015 Dec 02
There is a Path Traversal vulnerability in the admin area of 4images 1.7.11 which allows the reading of arbitrary files.
2015 Dec 02
There is a code execution vulnerability in the admin area of 4images 1.7.11.
2015 Dec 02
There is an XSS vulnerability in CodoForum 3.4.
2015 Dec 02
There is a CSRF vulnerability in phpwcms 1.7.9.
2015 Dec 02
There are two Code Execution vulnerabilities in phpwcms 1.7.9. A registered user is required to exploit these issues.
2015 Dec 02
There is a reflected XSS vulnerability in the installation script of Geeklog 2.1.0.
2015 Dec 02
There are two code execution vulnerability in the admin area of Geeklog 2.1.0.
2015 Dec 02
There is a persistent XSS vulnerability in redaxscript 2.5.0. It requires the victim to hover over a link to trigger.
2015 Dec 02
There is a Code Execution vulnerability in the admin area of redaxscript 2.5.0.
2015 Dec 02
There are two reflected XSS vulnerabilities in appRain 4.0.3.
2015 Dec 02
There is a Path Traversal vulnerability in appRain 4.0.3.
2015 Dec 02
None of the forms of appRain 4.0.3 have CSRF protection.
2015 Nov 13
There is an SQL Injection vulnerability in the admin area of AlegroCart 1.2.8.
2015 Nov 13
There is an LFI/RFI vulnerability in the admin area of AlegroCart 1.2.8.
2015 Nov 13
There are multiple XSS vulnerabilities in LiteCart 1.3.2.
2015 Nov 13
There are multiple XSS vulnerabilities in ClipperCMS 1.3.0.
2015 Nov 13
There are multiple SQL Injection vulnerabilities in ClipperCMS 1.3.0.
2015 Nov 13
There is a Path Traversal vulnerability in ClipperCMS 1.3.0
2015 Nov 13
ClipperCMS 1.3.0 has as only CSRF protection a referer check, which can be disabled by an admin.
2015 Nov 13
There is a Code Execution vulnerability in ClipperCMS 1.3.0
2015 Nov 13
There is a persistent XSS vulnerability in dotclear 2.8.1.
2015 Nov 13
There is a Code Execution vulnerability in dotclear 2.8.1.
2015 Nov 13
There are two reflected XSS vulnerabilities in Open Source Social Network 3.5.
2015 Nov 13
There is a reflected XSS vulnerability in Sitemagic CMS 4.1.
2015 Nov 13
There is a reflected XSS vulnerability in Thelia 2.2.1.
2015 Nov 13
There are two XSS vulnerabilities in TomatoCart v1.1.8.6.1.
2015 Nov 13
There are two Code Execution vulnerabilities in TomatoCart v1.1.8.6.1.
2015 Nov 04
There is a Code Execution vulnerability in the admin area of XCart 5.2.6.
2015 Nov 04
There is a Path Traversal vulnerability in the admin area of XCart 5.2.6. It makes it possible to list directories and download arbitrary files.
2015 Nov 04
There are multiple XSS vulnerabilities in XCart 5.2.6.
2015 Oct 07
There are multiple XSS vulnerabilities in TheHostingTool 1.2.6.
2015 Oct 07
There are multiple SQL Injection vulnerabilities in the admin area of TheHostingTool 1.2.6.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of TheHostingTool 1.2.6.
2015 Oct 07
There are multiple XSS vulnerabilities in Quick.Cart 6.6.
2015 Oct 07
There are multiple CSRF vulnerabilities in Quick.Cart 6.6.
2015 Oct 07
There are multiple XSS vulnerabilities in the admin area of CubeCart 6.0.7.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of CubeCart 6.0.7.
2015 Oct 07
There is an XSS vulnerability in Supercali Event Calendar 1.0.8. This issue has not been fixed.
2015 Oct 07
There is no CSRF protection in Supercali Event Calendar 1.0.8.
2015 Oct 07
There are multiple XSS vulnerabilities in SQLiteManager 1.2.4. This issue has not been fixed.
2015 Oct 07
OpenCart 2.0.3.1 does not have CSRF protection for customers.
2015 Oct 07
MyWebSQL 3.6 does not have CSRF protection.
2015 Oct 07
There is an XSS vulnerability in MiniBB 3.1.1.
2015 Oct 07
There is an XSS vulnerability in Chyrp CMS 2.5.2. This issue has not been fixed.
2015 Oct 07
There is an XSS vulnerability in SQL Buddy 1.3.3. This issue has not been fixed.
2015 Oct 07
The CSRF protection in SQL Buddy 1.3.3. does not work properly. This issue has not been fixed.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.
2015 Oct 07
There is a Directory Traversal vulnerability in the admin area of Pligg CMS 2.0.2. This issue has not been fixed.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.
2015 Sep 14
ZeusCart 4.0 does not have CSRF protection. Because of this, it is for example possible to add additional admin accounts. This issue has not been fixed.
2015 Sep 14
There is an arbitrary file upload vulnerability in the admin area of ZeusCart 4.0. This issue has not been fixed.
2015 Sep 14
There are multiple SQL Injection vulnerabilities in ZeusCart 4.0. This issue has not been fixed.
2015 Sep 14
There is an XSS vulnerability in ZeusCart 4.0. This issue has not been fixed.
2015 Sep 14
There is an arbitrary file upload vulnerability in the admin area of Zen Cart 1.5.4 as well as an information leak. This issue has only been partially fixed.
2015 Sep 14
There is an XSS vulnerability in Anchor CMS 0.9.2. The issue is not yet fixed.
2015 Sep 01
There is a Blind SQL Injection vulnerability in the admin area of Serendipity 2.0.1.
2015 Sep 01
There is a Persistent XSS vulnerability in Serendipity 2.0.1 when using the default 2k11 theme. It requires a click to trigger.
2015 Sep 01
There is a code execution vulnerability in Serendipity 2.0.1. It requires a registered user to exploit.
2015 Sep 01
There is a Code Execution vulnerability in the admin area of NibbleBlog 4.0.3. The issue is not yet fixed.
2015 Sep 01
There is a CSRF vulnerability in NibbleBlog 4.0.3 which can lead to the creating of new posts and thus XSS. The issue is not yet fixed.
2015 Aug 17
The file editor of the admin area of Bolt 2.2.4 allows for the editing of file extensions, which leads to code execution once an attacker has gained admin credentials.
2015 Aug 17
There is an XSS vulnerability in version 2.3.5 of ModX. As of now, this issue has not been fixed.