Articles for tag "Vulnerability": 127

Tutorial on exploiting an ALLNET ALLBM100VDSL2V modem
2017 May 24

Tutorial on exploiting an ALLNET ALLBM100VDSL2V modem

This tutorial shows how to use the broken authentication and find the support_user of an ALLNET ALLBM100VDSL2V modem.

VDSL Client Modem ALL-BM100VDSL2: CSRF
2017 May 09

VDSL Client Modem ALL-BM100VDSL2: CSRF

The web interface of the VDSL Client Modem ALL-BM100VDSL2 is vulnerable to CSRF. Because of this it is possible to add a new admin user.

VDSL Client Modem ALL-BM100VDSL2: XSS
2017 Apr 13

VDSL Client Modem ALL-BM100VDSL2: XSS

The web interface of the VDSL Client Modem ALL-BM100VDSL2 is vulnerable to reflected as well as persistent XSS. A privileged user account is required to exploit the persistent XSS vulnerability but this can be bypassed via CSRF.

VDSL Client Modem ALL-BM100VDSL2: Broken Authentication and Default Root User
2017 Apr 13

VDSL Client Modem ALL-BM100VDSL2: Broken Authentication and Default Root User

The authentication of the web interface of the VDSL Client Modem ALL-BM100VDSL2 relies on local IP addresses and can thus be bypassed by an attacker with access to the local network as long as any user is currently authenticated. Additionally, the system contains an undocumented default user with a hardcoded password who has root access to the device.

pfsense 2.3.2: Code Execution
2017 Mar 24

pfsense 2.3.2: Code Execution

pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), the setup wizard is vulnerable to code execution. It should be noted that by default, only an administrator can access the setup wizard. By default, administrators have far-reaching permissions via the wizard and via other functionality. There are however some custom configurations where this vulnerability could lead to privilege escalation or undesired code execution.

pfsense 2.3.2: XSS
2017 Mar 24

pfsense 2.3.2: XSS

pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), it is vulnerable to reflected XSS. XSS can lead to disclosure of cookies, session tokens etc.

pfsense 2.3.2: CSRF
2017 Mar 24

pfsense 2.3.2: CSRF

pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), the actions of creating and deleting firewall rules are vulnerable to CSRF, enabling an Attacker to edit these rules with a little bit of social engineering.

HumHub 0.20.1 / 1.0.0-beta.3: Code Execution
2017 Mar 17

HumHub 0.20.1 / 1.0.0-beta.3: Code Execution

HumHub is a social media platform written in PHP. In version 0.20.1 as well as 1.0.0-beta.3, it is vulnerable to Code Execution as some functionality allows the uploading of PHP files. Successfull exploitation requires specific server settings. A user account is required as well, but registration is open by default.

HumHub 1.0.1: XSS
2017 Mar 17

HumHub 1.0.1: XSS

HumHub is a social media platform written in PHP. In version 1.0.1 and earlier, it is vulnerable to a reflected XSS attack if debugging is enabled, as well as a self-XSS attack. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.

phplist 3.2.6: XSS
2017 Feb 20

phplist 3.2.6: XSS

phplist is an application to manage newsletters, written in PHP. In version 3.2.6, it is vulnerable to reflected and persitent Cross Site Scripting vulnerabilities. The persistent XSS vulnerability is only exploitable by users with specific privileges and may be used for escalating privileges.

phplist 3.2.6: SQL Injection
2017 Feb 20

phplist 3.2.6: SQL Injection

phplist is an application to manage newsletters, written in PHP. In version 3.2.6, it is vulnerable to SQL injection. The application contains two SQL injections, one of which is in the administration area and one which requires no credentials. Additionally, at least one query is not properly protected against injections. Furthermore, a query in the administration area discloses some information on the password hashes of users.

Elefant CMS 1.3.12-RC: CSRF
2017 Feb 02

Elefant CMS 1.3.12-RC: CSRF

Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to cross site request forgery. If a victim visits a website that contains specifically crafted code while logged into Elefant, an attacker can for example create a new admin account without the victims knowledge.

Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS
2017 Feb 02

Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS

Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to multiple persistent as well as a reflected XSS issue. To exploit these vulnerabilities a user account is required most of the time but registration is open by default. XSS allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.

Elefant CMS 1.3.12-RC: Open Redirect, Host Header Injection, Leakage of Password Hashes
2017 Feb 02

Elefant CMS 1.3.12-RC: Open Redirect, Host Header Injection, Leakage of Password Hashes

Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to various low to medium impact issues, namely open redirect, host header injection, and the leakage of password hashes. Open redirect and host header injection can be used for phishing attacks. The leakage of password hashes is restricted to users with an admin account.

Elefant CMS 1.3.12-RC: Code Execution
2017 Feb 02

Elefant CMS 1.3.12-RC: Code Execution

Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to code execution because of two different vulnerabilities. It allows the upload of files with dangerous type, as well as PHP code injection. To exploit this a editor or admin account is required.

Plone: XSS
2017 Jan 26

Plone: XSS

Plone is an open source CMS written in python. In version 5.0.5, the Zope Management Interface (ZMI) component is vulnerable to reflected XSS as it does not properly encode double quotes.

The HS-110 Smart Plug aka Projekt Kasa
2016 Nov 24

The HS-110 Smart Plug aka Projekt Kasa

In this article we are going to have a closer look on a Smart Plug from TP-Link together with its control app. In the process of investigating the product, we reverse engineered the firmware and the app, managed to control the Smart Plug and steal login credentials.

MyLittleForum 2.3.6.1: XSS & RPO
2016 Nov 10

MyLittleForum 2.3.6.1: XSS & RPO

MyLittleForum is forum software written in PHP. In version 2.3.6.1, it is vulnerable to reflected cross site scripting as well as relative path overwrite. XSS can be used to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection, and RPO may lead to CSS injection.

SPIP 3.1: XSS & Host Header Injection
2016 Nov 10

SPIP 3.1: XSS & Host Header Injection

SPIP is a content management system written in PHP. In version 3.1, it is vulnerable to a persistent as well as reflected cross site scripting vulnerability as it allows users to enter URLs containing the JavaScript protocol, which an attacker can exploit to steal cookies, inject JavaScript keylogger, or bypass CSRF protection. Additionally, it contains a Host Header Injection which may lead to the leakage of password reset tokens and thus the compromisation of user accounts. Finally, the application discloses httpOnly cookies, making exploitation of XSS issues slightly easier.

Mezzanine 4.2.0: XSS
2016 Nov 10

Mezzanine 4.2.0: XSS

Mezzanine is an open source CMS written in python. In version 4.2.0, it is vulnerable to two persistent XSS attacks, one of which requires extended privileges, the other one does not. These issues allow an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.

MyLittleForum 2.3.6.1: CSRF
2016 Nov 10

MyLittleForum 2.3.6.1: CSRF

MyLittleForum is forum software written in PHP. In version 2.3.6.1, it is vulnerable to cross site request forgery. An attacker could exploit this issue to add new users or change the status of existing users to administrator if a victim visits a website containing a specifically crafted payload while logged into MyLittleForum.

MoinMoin 1.9.8: XSS
2016 Nov 10

MoinMoin 1.9.8: XSS

MoinMoin is an open source Wiki application written in python. In version 1.9.8, it is vulnerable to two persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.

Lepton 2.2.2: SQL Injection
2016 Nov 10

Lepton 2.2.2: SQL Injection

Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to multiple SQL injections. The injections require a user account with elevated privileges.

Lepton 2.2.2: CSRF, Open Redirect, Insecure Bruteforce Protection & Password Handling
2016 Nov 10

Lepton 2.2.2: CSRF, Open Redirect, Insecure Bruteforce Protection & Password Handling

Lepton is a content management system written in PHP. In version 2.2.2, it contains various low to medium impact issues. The functionality that operates on files and folders is vulnerable to CSRF which may lead to XSS, the logout is vulnerable to Open Redirect, the in-build bruteforce protection can be easily bypassed, and passwords are hashed with md5 and send out via email in plaintext.

Lepton 2.2.2: Code Execution
2016 Nov 10

Lepton 2.2.2: Code Execution

Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to code execution as it is possible to upload files with dangerous type via the media manager.

Jaws 1.1.1: Code Execution
2016 Nov 10

Jaws 1.1.1: Code Execution

Jaws is a content management system written in PHP. In version 1.1.1, it is vulnerable to code execution as it allows the upload of files with a dangerous type. An account with extended privileges is required.

FUDforum 3.0.6: Multiple Persistent XSS & Login CSRF
2016 Nov 10

FUDforum 3.0.6: Multiple Persistent XSS & Login CSRF

FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to multiple persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection. Additionally, FUDforum is vulnerable to Login-CSRF.

Jaws 1.1.1: Object Injection, Open Redirect, Cookie Flags
2016 Nov 10

Jaws 1.1.1: Object Injection, Open Redirect, Cookie Flags

Jaws is a content management system written in PHP. In version 1.1.1, it is vulnerable to various low to medium impact issues. It contains an Object Injection, which does not seem to be currently exploitable without custom changes made by users; its session cookies are not set to httpOnly, which may make it easier to exploit XSS issues; and it contains an Open Redirect issue.

FUDforum 3.0.6: LFI
2016 Nov 10

FUDforum 3.0.6: LFI

FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the webuser has access to. Admin credentials are required.

Peel Shopping 8.0.2: Object Injection
2016 Sep 15

Peel Shopping 8.0.2: Object Injection

Peel Shopping is ecommerce software written in PHP. In version 8.0.2, it is vulnerable to Object Injection. Peel Shopping stores a PHP object in a cookie, which is then unserialized when received by the application. An attacker can send arbitrary PHP objects, and has thus a limited influence on the control flow of the application. This can for example lead to DOS attacks by creating an infinite loop.

Kajona 4.7: XSS & Directory Traversal
2016 Sep 15

Kajona 4.7: XSS & Directory Traversal

Kajona is an open source CMS written in PHP. In version 4.7, it is vulnerable to multiple XSS attacks and limited directory traveral. The XSS vulnerabilities are reflected as well as persistent, and can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection. The directory travseral issue gives information about which files exist on a system, and thus allows an attacker to gather information about a system.

MyBB 1.8.6: CSRF, Weak Hashing, Plaintext Passwords
2016 Sep 15

MyBB 1.8.6: CSRF, Weak Hashing, Plaintext Passwords

MyBB 1.8.6 is vulnerable to login CSRF. Additionally, it stores passwords using weak hashing, and sends passwords via email in plaintext.

MyBB 1.8.6: XSS
2016 Sep 15

MyBB 1.8.6: XSS

MyBB is forum software written in PHP. In version 1.8.6, it contains various XSS vulnerabilities, some of which are reflected and some of which are persistent. Some of them depend on custom forum or server settings. These issues may lead to the injection of JavaScript keyloggers, injection of content such as ads, or the bypassing of CSRF protection, which would for example allow the creation of a new admin user.

MyBB 1.8.6: SQL Injection
2016 Sep 15

MyBB 1.8.6: SQL Injection

MyBB is forum software written in PHP. In version 1.8.6, it is vulnerable to a second order SQL injection by an authenticated admin user, allowing the extraction of data from the database.

MyBB 1.8.6: Improper validation of data passed to eval
2016 Sep 15

MyBB 1.8.6: Improper validation of data passed to eval

MyBB is forum software written in PHP. In version 1.8.6, it improperly validates templates that are passed to eval, allowing for the disclosure of the database password. If the database is writable from remote, it may also lead to code execution. An admin account is required.

Oxwall 1.8.0: XSS & Open Redirect
2016 Sep 15

Oxwall 1.8.0: XSS & Open Redirect

Oxwall is a social networking software written in PHP. In version 1.8.0, it is vulnerable to multiple XSS attacks and a persistent open redirect. The XSS vulnerabilities are reflected as well as persistent, and can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection.

Zenphoto 1.4.11: RFI
2016 Mar 15

Zenphoto 1.4.11: RFI

Zenphoto is vulnerable to remote file inclusion. An admin account is required.

PivotX 2.3.11: Reflected XSS
2016 Mar 15

PivotX 2.3.11: Reflected XSS

PivotX is vulnerable to reflected XSS.

PivotX 2.3.11: Directory Traversal
2016 Mar 15

PivotX 2.3.11: Directory Traversal

PivotX is vulnerable to Directory Traversal, allowing authenticated users to read and delete files outside of the PivotX directory.

PivotX 2.3.11: Code Execution
2016 Mar 15

PivotX 2.3.11: Code Execution

PivotX is vulnerable to code execution by authenticated users as it does not check the extension of files when renaming them.

BigTree 4.2.8: Object Injection & Improper Filename Sanitation
2016 Mar 15

BigTree 4.2.8: Object Injection & Improper Filename Sanitation

BigTree 4.2.8 is vulnerable to object injection. The impact on the CMS itself is rather small, but installed plugins may increase the risk the vulnerability poses.

Opendocman 1.3.4: HTML Injection
2016 Feb 01

Opendocman 1.3.4: HTML Injection

There are various HTML Injection vulnerabilities in opendocman 1.3.4, leading to XSS, Phishing, and Privilege Escalation.

Opendocman 1.3.4: CSRF
2016 Feb 01

Opendocman 1.3.4: CSRF

Opendocman 1.3.4 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user.

Atutor 2.2: XSS
2016 Feb 01

Atutor 2.2: XSS

There are various XSS vulnerabilities in Atutor 2.2.

Bigace 3.0: SQL Injection
2016 Jan 28

Bigace 3.0: SQL Injection

There is an SQL injection in Bigace. A user account with the lowest privilege level is required.

Bigace 3.0: Code Execution
2016 Jan 28

Bigace 3.0: Code Execution

Bigace 3.0 allows the uploading of media file, but there is no verification, allowing the upload of PHP files by editors and administrators.

DYNPG 4.6: XSS
2016 Jan 28

DYNPG 4.6: XSS

There are multiple XSS vulnerabilities in DYNPG 4.6.

DYNPG 4.6: CSRF
2016 Jan 28

DYNPG 4.6: CSRF

DYNPG 4.6 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user. In this case, this may lead to code execution by allowing the upload of PHP files.

Wolf CMS v0.8.3.1: XSS
2016 Jan 28

Wolf CMS v0.8.3.1: XSS

There is a reflected XSS vulnerability in Wolf CMS v0.8.3.1.

Wolf CMS v0.8.3.1: Code Execution & Privilege Escalation
2016 Jan 28

Wolf CMS v0.8.3.1: Code Execution & Privilege Escalation

There is a code execution vulnerability in Wolf CMS v0.8.3.1. A user account with the Editor role is required.

Xoops 2.5.7.1: XSS
2016 Jan 28

Xoops 2.5.7.1: XSS

There are multiple XSS vulnerabilities in Xoops 2.5.7.1.

Xoops 2.5.7.1: Blind SQL Injection
2016 Jan 28

Xoops 2.5.7.1: Blind SQL Injection

There is a Blind SQL Injection vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue.

Xoops 2.5.7.1: Code Execution
2016 Jan 28

Xoops 2.5.7.1: Code Execution

There is a code execution vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue, but the request is not protected against CSRF.

PhpSocial v2.0.0304: XSS
2015 Dec 21

PhpSocial v2.0.0304: XSS

PhpSocial v2.0.0304 is vulnerable to persistent XSS.

PhpSocial v2.0.0304: CSRF
2015 Dec 21

PhpSocial v2.0.0304: CSRF

PhpSocial v2.0.0304 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user.

Arastta 1.1.5: XSS
2015 Dec 21

Arastta 1.1.5: XSS

There is a reflected XSS vulnerability in Arastta 1.1.5.

Arastta 1.1.5: SQL Injection
2015 Dec 21

Arastta 1.1.5: SQL Injection

There are two SQL Injections in Arastta 1.1.5, which both require a user with special privileges to trigger.

Grawlix 1.0.3: XSS
2015 Dec 21

Grawlix 1.0.3: XSS

Grawlix 1.0.3 has multiple reflected XSS vulnerabilities.

Grawlix 1.0.3: CSRF
2015 Dec 21

Grawlix 1.0.3: CSRF

Grawlix 1.0.3 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example changing the password of an admin user.

Grawlix 1.0.3: Code Execution
2015 Dec 21

Grawlix 1.0.3: Code Execution

Grawlix 1.0.3 does not check the file type or extension when an admin uploads an icon, leading to code execution.

CouchCMS 1.4.5: XSS & Open Redirect
2015 Dec 21

CouchCMS 1.4.5: XSS & Open Redirect

There are two reflected XSS and one open redirect vulnerability in CouchCMS 1.4.5.

CouchCMS 1.4.5: Code Execution
2015 Dec 21

CouchCMS 1.4.5: Code Execution

The file extension whitelist of CouchCMS 1.4.5 misses pht, which may lead to code execution under certain circumstances.

esoTalk 1.0.0g4: XSS
2015 Dec 21

esoTalk 1.0.0g4: XSS

There is a reflected XSS vulnerability in the search of esoTalk 1.0.0g4.

4images 1.7.12: XSS
2015 Dec 02

4images 1.7.12: XSS

There are multiple XSS vulnerabilities in 4images 1.7.12.

4images 1.7.11: SQL Injection
2015 Dec 02

4images 1.7.11: SQL Injection

There is an SQL Injection vulnerability in the admin area of 4images 1.7.11.

4images 1.7.11: Path Traversal
2015 Dec 02

4images 1.7.11: Path Traversal

There is a Path Traversal vulnerability in the admin area of 4images 1.7.11 which allows the reading of arbitrary files.

4images 1.7.11: Code Execution
2015 Dec 02

4images 1.7.11: Code Execution

There is a code execution vulnerability in the admin area of 4images 1.7.11.

CodoForum 3.4: XSS
2015 Dec 02

CodoForum 3.4: XSS

There is an XSS vulnerability in CodoForum 3.4.

phpwcms 1.7.9: CSRF
2015 Dec 02

phpwcms 1.7.9: CSRF

There is a CSRF vulnerability in phpwcms 1.7.9.

phpwcms 1.7.9: Code Execution
2015 Dec 02

phpwcms 1.7.9: Code Execution

There are two Code Execution vulnerabilities in phpwcms 1.7.9. A registered user is required to exploit these issues.

Geeklog 2.1.0: XSS
2015 Dec 02

Geeklog 2.1.0: XSS

There is a reflected XSS vulnerability in the installation script of Geeklog 2.1.0.

Geeklog 2.1.0: Code Execution
2015 Dec 02

Geeklog 2.1.0: Code Execution

There are two code execution vulnerability in the admin area of Geeklog 2.1.0.

redaxscript 2.5.0: XSS
2015 Dec 02

redaxscript 2.5.0: XSS

There is a persistent XSS vulnerability in redaxscript 2.5.0. It requires the victim to hover over a link to trigger.

redaxscript 2.5.0: Code Execution
2015 Dec 02

redaxscript 2.5.0: Code Execution

There is a Code Execution vulnerability in the admin area of redaxscript 2.5.0.

appRain 4.0.3: XSS
2015 Dec 02

appRain 4.0.3: XSS

There are two reflected XSS vulnerabilities in appRain 4.0.3.

appRain 4.0.3: Path Traversal
2015 Dec 02

appRain 4.0.3: Path Traversal

There is a Path Traversal vulnerability in appRain 4.0.3.

appRain 4.0.3: CSRF
2015 Dec 02

appRain 4.0.3: CSRF

None of the forms of appRain 4.0.3 have CSRF protection.

AlegroCart 1.2.8: SQL Injection
2015 Nov 13

AlegroCart 1.2.8: SQL Injection

There is an SQL Injection vulnerability in the admin area of AlegroCart 1.2.8.

AlegroCart 1.2.8: LFI/RFI
2015 Nov 13

AlegroCart 1.2.8: LFI/RFI

There is an LFI/RFI vulnerability in the admin area of AlegroCart 1.2.8.

LiteCart 1.3.2: Multiple XSS
2015 Nov 13

LiteCart 1.3.2: Multiple XSS

There are multiple XSS vulnerabilities in LiteCart 1.3.2.

ClipperCMS 1.3.0: XSS
2015 Nov 13

ClipperCMS 1.3.0: XSS

There are multiple XSS vulnerabilities in ClipperCMS 1.3.0.

ClipperCMS 1.3.0: SQL Injection
2015 Nov 13

ClipperCMS 1.3.0: SQL Injection

There are multiple SQL Injection vulnerabilities in ClipperCMS 1.3.0.

ClipperCMS 1.3.0: Path Traversal
2015 Nov 13

ClipperCMS 1.3.0: Path Traversal

There is a Path Traversal vulnerability in ClipperCMS 1.3.0

ClipperCMS 1.3.0: CSRF
2015 Nov 13

ClipperCMS 1.3.0: CSRF

ClipperCMS 1.3.0 has as only CSRF protection a referer check, which can be disabled by an admin.

ClipperCMS 1.3.0: Code Execution
2015 Nov 13

ClipperCMS 1.3.0: Code Execution

There is a Code Execution vulnerability in ClipperCMS 1.3.0

dotclear 2.8.1: XSS
2015 Nov 13

dotclear 2.8.1: XSS

There is a persistent XSS vulnerability in dotclear 2.8.1.

dotclear 2.8.1: Code Execution
2015 Nov 13

dotclear 2.8.1: Code Execution

There is a Code Execution vulnerability in dotclear 2.8.1.

Open Source Social Network 3.5: XSS
2015 Nov 13

Open Source Social Network 3.5: XSS

There are two reflected XSS vulnerabilities in Open Source Social Network 3.5.

Sitemagic CMS 4.1: XSS
2015 Nov 13

Sitemagic CMS 4.1: XSS

There is a reflected XSS vulnerability in Sitemagic CMS 4.1.

Thelia 2.2.1: XSS
2015 Nov 13

Thelia 2.2.1: XSS

There is a reflected XSS vulnerability in Thelia 2.2.1.

TomatoCart v1.1.8.6.1: XSS
2015 Nov 13

TomatoCart v1.1.8.6.1: XSS

There are two XSS vulnerabilities in TomatoCart v1.1.8.6.1.

TomatoCart v1.1.8.6.1: Code Execution
2015 Nov 13

TomatoCart v1.1.8.6.1: Code Execution

There are two Code Execution vulnerabilities in TomatoCart v1.1.8.6.1.

XCart 5.2.6: Code Execution
2015 Nov 04

XCart 5.2.6: Code Execution

There is a Code Execution vulnerability in the admin area of XCart 5.2.6.

XCart 5.2.6: Path Traversal
2015 Nov 04

XCart 5.2.6: Path Traversal

There is a Path Traversal vulnerability in the admin area of XCart 5.2.6. It makes it possible to list directories and download arbitrary files.

XCart 5.2.6: XSS
2015 Nov 04

XCart 5.2.6: XSS

There are multiple XSS vulnerabilities in XCart 5.2.6.

TheHostingTool 1.2.6: Multiple XSS
2015 Oct 07

TheHostingTool 1.2.6: Multiple XSS

There are multiple XSS vulnerabilities in TheHostingTool 1.2.6.

TheHostingTool 1.2.6: Multiple SQL Injection
2015 Oct 07

TheHostingTool 1.2.6: Multiple SQL Injection

There are multiple SQL Injection vulnerabilities in the admin area of TheHostingTool 1.2.6.

TheHostingTool 1.2.6: Code Execution
2015 Oct 07

TheHostingTool 1.2.6: Code Execution

There is a Code Execution vulnerability in the admin area of TheHostingTool 1.2.6.

Quick.Cart 6.6: Multiple XSS
2015 Oct 07

Quick.Cart 6.6: Multiple XSS

There are multiple XSS vulnerabilities in Quick.Cart 6.6.

Quick.Cart 6.6: CSRF
2015 Oct 07

Quick.Cart 6.6: CSRF

There are multiple CSRF vulnerabilities in Quick.Cart 6.6.

CubeCart 6.0.7: XSS
2015 Oct 07

CubeCart 6.0.7: XSS

There are multiple XSS vulnerabilities in the admin area of CubeCart 6.0.7.

CubeCart 6.0.7: Code Execution
2015 Oct 07

CubeCart 6.0.7: Code Execution

There is a Code Execution vulnerability in the admin area of CubeCart 6.0.7.

Supercali Event Calendar 1.0.8: XSS
2015 Oct 07

Supercali Event Calendar 1.0.8: XSS

There is an XSS vulnerability in Supercali Event Calendar 1.0.8. This issue has not been fixed.

Supercali Event Calendar 1.0.8: CSRF
2015 Oct 07

Supercali Event Calendar 1.0.8: CSRF

There is no CSRF protection in Supercali Event Calendar 1.0.8.

SQLiteManager 1.2.4: Multiple XSS
2015 Oct 07

SQLiteManager 1.2.4: Multiple XSS

There are multiple XSS vulnerabilities in SQLiteManager 1.2.4. This issue has not been fixed.

OpenCart 2.0.3.1: CSRF
2015 Oct 07

OpenCart 2.0.3.1: CSRF

OpenCart 2.0.3.1 does not have CSRF protection for customers.

MyWebSQL 3.6: CSRF
2015 Oct 07

MyWebSQL 3.6: CSRF

MyWebSQL 3.6 does not have CSRF protection.

MiniBB 3.1.1: XSS
2015 Oct 07

MiniBB 3.1.1: XSS

There is an XSS vulnerability in MiniBB 3.1.1.

Chyrp CMS 2.5.2: XSS
2015 Oct 07

Chyrp CMS 2.5.2: XSS

There is an XSS vulnerability in Chyrp CMS 2.5.2. This issue has not been fixed.

SQL Buddy 1.3.3: XSS
2015 Oct 07

SQL Buddy 1.3.3: XSS

There is an XSS vulnerability in SQL Buddy 1.3.3. This issue has not been fixed.

SQL Buddy 1.3.3: CSRF
2015 Oct 07

SQL Buddy 1.3.3: CSRF

The CSRF protection in SQL Buddy 1.3.3. does not work properly. This issue has not been fixed.

Pligg CMS 2.0.2: Multiple SQL Injections
2015 Oct 07

Pligg CMS 2.0.2: Multiple SQL Injections

There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.

Pligg CMS 2.0.2: Directory Traversal
2015 Oct 07

Pligg CMS 2.0.2: Directory Traversal

There is a Directory Traversal vulnerability in the admin area of Pligg CMS 2.0.2. This issue has not been fixed.

Pligg CMS 2.0.2: Code Execution and CSRF
2015 Oct 07

Pligg CMS 2.0.2: Code Execution and CSRF

There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.

ZeusCart 4.0: CSRF
2015 Sep 14

ZeusCart 4.0: CSRF

ZeusCart 4.0 does not have CSRF protection. Because of this, it is for example possible to add additional admin accounts. This issue has not been fixed.

ZeusCart 4.0: Code Execution
2015 Sep 14

ZeusCart 4.0: Code Execution

There is an arbitrary file upload vulnerability in the admin area of ZeusCart 4.0. This issue has not been fixed.

ZeusCart 4.0: SQL Injection
2015 Sep 14

ZeusCart 4.0: SQL Injection

There are multiple SQL Injection vulnerabilities in ZeusCart 4.0. This issue has not been fixed.

ZeusCart 4.0: XSS
2015 Sep 14

ZeusCart 4.0: XSS

There is an XSS vulnerability in ZeusCart 4.0. This issue has not been fixed.

Zen Cart 1.5.4: Code Execution and Information Leak
2015 Sep 14

Zen Cart 1.5.4: Code Execution and Information Leak

There is an arbitrary file upload vulnerability in the admin area of Zen Cart 1.5.4 as well as an information leak. This issue has only been partially fixed.

Anchor CMS 0.9.2: XSS
2015 Sep 14

Anchor CMS 0.9.2: XSS

There is an XSS vulnerability in Anchor CMS 0.9.2. The issue is not yet fixed.

Serendipity 2.0.1: Blind SQL Injection
2015 Sep 01

Serendipity 2.0.1: Blind SQL Injection

There is a Blind SQL Injection vulnerability in the admin area of Serendipity 2.0.1.

Serendipity 2.0.1: Persistent XSS
2015 Sep 01

Serendipity 2.0.1: Persistent XSS

There is a Persistent XSS vulnerability in Serendipity 2.0.1 when using the default 2k11 theme. It requires a click to trigger.

Serendipity 2.0.1: Code Execution
2015 Sep 01

Serendipity 2.0.1: Code Execution

There is a code execution vulnerability in Serendipity 2.0.1. It requires a registered user to exploit.

NibbleBlog 4.0.3: Code Execution
2015 Sep 01

NibbleBlog 4.0.3: Code Execution

There is a Code Execution vulnerability in the admin area of NibbleBlog 4.0.3. The issue is not yet fixed.

NibbleBlog 4.0.3: CSRF
2015 Sep 01

NibbleBlog 4.0.3: CSRF

There is a CSRF vulnerability in NibbleBlog 4.0.3 which can lead to the creating of new posts and thus XSS. The issue is not yet fixed.

Bolt 2.2.4: Code Execution
2015 Aug 17

Bolt 2.2.4: Code Execution

The file editor of the admin area of Bolt 2.2.4 allows for the editing of file extensions, which leads to code execution once an attacker has gained admin credentials.

ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability
2015 Aug 17

ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability

There is an XSS vulnerability in version 2.3.5 of ModX. As of now, this issue has not been fixed.