Posted by INURL Brasil on Sep 15
# VENDOR: www.ibooking.com.br
# Vulnerable versions: ALL
# File: filtro_faixa_etaria.php
# Parameter: idPousada (GET)
# DORK: intext:"Desenvolvido por ibooking"
*# Reported:* 15/10/2015
#
———————————————————————————
# AUTHOR: Cleiton Pinheiro / Nick: googleINURL
# EMAIL: inurlbr ()…
Posted by Curesec Research Team (CRT) on Sep 15
Anchor CMS 0.9.2: XSS
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Anchor CMS 0.9.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: Website: http://anchorcms.com/
Vulnerability Type: XSS and Open Redirect
Remote Exploitable: Yes
Reported to vendor: 07/30/2015
Disclosed to public: 09/14/2015
Release mode: Full…
Posted by Curesec Research Team (CRT) on Sep 15
Zen Cart 1.5.4: Code Execution and Information Leak
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: Zen Cart 1.5.4
Fixed in: partial fix via patch
Partial Patch Link: https://www.zen-cart.com/showthread.php?218239-curesec-security-report-Patch-Included
Vendor Contact: security () zen-cart com
Vulnerability Type: Code Execution and Information Leak
Remote Exploitable:…
Posted by Curesec Research Team (CRT) on Sep 15
ZeusCart 4.0: XSS
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: support () zeuscart com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 08/13/2015
Disclosed to public: 09/14/2015
Release mode: Full Disclosure
CVE:…
Posted by Curesec Research Team (CRT) on Sep 15
ZeusCart 4.0: SQL Injection
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: support () zeuscart com
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 08/13/2015
Disclosed to public: 09/14/2015
Release mode: Full Disclosure
CVE:…
Posted by Curesec Research Team (CRT) on Sep 15
ZeusCart 4.0: Code Execution
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: support () zeuscart com
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 08/13/2015
Disclosed to public: 09/14/2015
Release mode: Full Disclosure
CVE:…
Posted by Curesec Research Team (CRT) on Sep 15
ZeusCart 4.0: CSRF
Security Advisory – Curesec Research Team
1. Introduction
Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: support () zeuscart com
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 08/13/2015
Disclosed to public: 09/14/2015
Release mode: Full Disclosure
CVE:…
Posted by Dawid Golunski on Sep 15
=============================================
– Release date: 14.09.2015
– Discovered by: Dawid Golunski
– Severity: High
=============================================
I. VULNERABILITY
————————-
Kirby CMS <= 2.1.0 CSRF Content Upload and PHP Script Execution
II. BACKGROUND
————————-
– Kirby CMS
“Kirby is a file‑based CMS
Easy to setup. Easy to use. Flexible as hell.”
http://getkirby.com/ …
Posted by Dawid Golunski on Sep 15
=============================================
– Release date: 14.09.2015
– Discovered by: Dawid Golunski
– Severity: Medium/High
=============================================
I. VULNERABILITY
————————-
Kirby CMS <= 2.1.0 Authentication Bypass via Path Traversal
II. BACKGROUND
————————-
– Kirby CMS
“Kirby is a file‑based CMS
Easy to setup. Easy to use. Flexible as hell.”
http://getkirby.com/ …
Original release date: September 15, 2015
WordPress 4.3 and prior versions contain two cross-site scripting vulnerabilities and a potential privilege escalation. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website.
Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.3.1.
Software and Security Information