Blog

[webapps] Cobub Razor 0.8.0 – Physical path Leakage

Cobub Razor 0.8.0 – Physical path Leakage


April 20, 2018

CVE-2014-4613

Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. (CV…


March 16, 2018

[20180301] – Core – SQLi vulnerability User Notes

Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.5.0 through 3.8.5
Exploit type: SQLi
Reported Date: 2018-March-08
Fixed Date: 2018-March-12
CVE Number: CVE-2018-8045

Description
The lack of type casting of a variable in SQL st…


March 13, 2018

CVE-2012-0941

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, …


February 8, 2018

[20180104] – Core – SQLi vulnerability in Hathor postinstall message

Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.7.0 through 3.8.3
Exploit type: SQLi
Reported Date: 2017-November-17
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6376

Description
The lack of type casting of a variable in S…


January 30, 2018

[20180103] – Core – XSS vulnerability in Uri class

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.5.0 through 3.8.3
Exploit type: XSS
Reported Date: 2017-November-17
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6379

Description
Inadequate input filtering in the Uri cl…


January 30, 2018

[20180102] – Core – XSS vulnerability in com_fields

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.7.0 through 3.8.3
Exploit type: XSS
Reported Date: 2018-January-20
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6377

Description
Inadequate input filtering in com_fields …


January 30, 2018

[20180101] – Core – XSS vulnerability in module chromes

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0 through 3.8.3
Exploit type: XSS
Reported Date: 2018-January-21
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6380

Description
Lack of escaping in the module chromes le…


January 30, 2018

CVE-2012-6667

Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action. (CVSS:4.3) (Last Update:2018-01-29)


January 11, 2018

CVE-2012-0699

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or…


January 11, 2018