Tags archives: unix

 


Supr Shopsystem 5.1.0 Cross Site Scripting

Document Title: Supr Shopsystem v5.1.0 – Persistent UI Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1353
Release Date: 2014-11-07
Vulnerability Laboratory ID (VL-ID): 1353
Common Vulnerability Scoring System: 3.1
Product & Service Introduction: SUPR is a modern and user-friendly system which allows each [...]

 


WordPress CM Download Manager 2.0.0 Code Injection

Vulnerability title: Code Injection in WordPress CM Download Manager plugin
CVE: CVE-2014-8877
Plugin: CM Download Manager plugin
Vendor: CreativeMinds – https://www.cminds.com/
Product: https://wordpress.org/plugins/cm-download-manager/
Affected version: 2.0.0 and previous versions
Fixed version: 2.0.4
Google dork: inurl:cmdownloads
Reported by: Phi Le Ngoc – phi.n.le@itas.vn
Credits to ITAS Team – www.itas.vn

::DESCRIPTION::

The code injection [...]

 


WordPress SP Client Document Manager 2.4.1 SQL Injection

Vulnerability title: Multiple SQL Injection in SP Client Document Manager plugin
Plugin: SP Client Document Manager
Vendor: http://smartypantsplugins.com
Product: https://wordpress.org/plugins/sp-client-document-manager/
Affected version: version 2.4.1 and previous versions
Fixed version: N/A
Google dork: inurl:wp-content/plugins/sp-client-document-manager
Reported by: Dang Quoc Thai – thai.q.dang (at) itas (dot) vn
Credits to ITAS Team – www.itas.vn

::DESCRIPTION::

Multiple [...]

 


WordPress 3.9.2 Cross Site Scripting

OVERVIEW

A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don’t require authentication by default.

The JavaScript injected into a comment is executed when the target user views it, either on a blog [...]

 


Joomla Simple Email Form 1.8.5 Cross Site Scripting

Advisory ID: HTB23241
Product: Simple Email Form Joomla Extension
Vendor: Doug Bierer
Vulnerable Version(s): 1.8.5 and probably prior
Tested Version: 1.8.5
Advisory Publication: October 29, 2014 [without technical details]
Vendor Notification: October 29, 2014
Public Disclosure: November 19, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8539
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) [...]

 


Snowfox CMS 1.0 Open Redirect

Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability

Vendor: Globiz Solutions
Product web page: http://www.snowfoxcms.org
Affected version: 1.0

Summary: Snowfox is an open source Content Management System (CMS) that allows your website users to create and share content based on permission configurations.

Desc: Input passed via the ‘rd’ GET parameter in [...]

 


XOOPS 2.5.6 SQL Injection

MGC ALERT 2014-003
– Original release date: March 6, 2014
– Last revised: November 18, 2014
– Discovered by: Manuel Garcia Cardenas
– Severity: 7,1/10 (CVSS Base Score)

I. VULNERABILITY
Blind SQL Injection in XOOPS <= 2.5.6

II. BACKGROUND
XOOPS is an acronym of “eXtensible Object Oriented Portal System”. [...]

 


Proticaret E-Commerce Script 3.0 SQL Injection

Document Title: Proticaret E-Commerce Script v3.0 >= SQL Injection
Release Date: 13 Nov 2014
Product & Service Introduction: Proticaret is a free e-commerce script.
Abstract Advisory Information: BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0
Vulnerability Disclosure Timeline: 20 Oct 2014 [...]

 


Pandora FMS 5.1SP1 Cross Site Scripting

I. VULNERABILITY
XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 – Revisión PC141031

II. BACKGROUND
Pandora FMS is the monitoring software chosen by several companies all around the world for managing their IT infrastructure. Besides ensuring high performance and maximum flexibility, it has a

III. DESCRIPTION
Has been [...]

 


Openkm Document Management System 6.4.17 Cross Site Scripting

Openkm Document Management System Suffers From Cross Site Scripting Attack

http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/openkm.jpg

Version <=6.4.17
Software Test: http://demo.openkm.com/OpenKM/login.jsp
Author: Khalil Shreateh <https://www.facebook.com/khalil.shr>
Author Website: http://khalil-shreateh.com
Status: Reported.
Report Link: http://issues.openkm.com/view.php?id=3056

Attack Description

Log in with any user.
Navigate to: http://demo.openkm.com/OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%28%22XSS%20BY%20KHALIL%20SHREATEHnkhalil-shreateh.com%22%29%3C/script%3E

[...]