Category Archives: Full Disclosure

Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version https://github.com/jbroadway/elefant/releases/tag/
Link: elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability CSRF
Type:
Remote Yes
Exploitable:
Reported to 09/05/2016
vendor:
Disclosed to 02/02/2017
public:
Release mode:…

Full Disclosure

Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS

February 16, 2017 007admin

Posted by Curesec Research Team (CRT) on Feb 16

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version https://github.com/jbroadway/elefant/releases/tag/
Link: elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability XSS
Type:
Remote Yes
Exploitable:
Reported to 09/05/2016
vendor:
Disclosed to 02/02/2017
public:
Release mode:…

Full Disclosure

"long" filenames mishandled by Fujitsu's ScanSnap software

February 16, 2017 007admin

Posted by Stefan Kanthak on Feb 16

Hi @ll,

Fujitsu’s ScanSnap software installers WinSSInstiX500WW1.exe
and WinSSInstS1100iWW1.exe, available from
<http://www.fujitsu.com/global/support/products/computing/peripheral/scanners/scansnap/software/ix500w-installer.html>
and
<http://www.fujitsu.com/global/support/products/computing/peripheral/scanners/scansnap/software/s1100i.html>,
execute C:Program.exe multiple times near the end of the
installation process….

Full Disclosure

Elefant CMS 1.3.12-RC: Code Execution

February 16, 2017 007admin

Posted by Curesec Research Team (CRT) on Feb 16

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version https://github.com/jbroadway/elefant/releases/tag/
Link: elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability Code Execution
Type:
Remote Yes
Exploitable:
Reported to 09/05/2016
vendor:
Disclosed to 02/02/2017
public:
Release mode:…

Full Disclosure

Elefant CMS 1.3.12-RC: Code Execution

February 16, 2017 007admin

Posted by Curesec Research Team (CRT) on Feb 16

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Elefant CMS 1.3.12-RC
Fixed in: 1.3.13
Fixed Version https://github.com/jbroadway/elefant/releases/tag/
Link: elefant_1_3_13_rc
Vendor Website: https://www.elefantcms.com/
Vulnerability Code Execution
Type:
Remote Yes
Exploitable:
Reported to 09/05/2016
vendor:
Disclosed to 02/02/2017
public:
Release mode:…

Full Disclosure

Plone: XSS

February 16, 2017 007admin

Posted by Curesec Research Team (CRT) on Feb 16

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Plone 5.0.5
Fixed in: Hotfix 20170117
Fixed Version Link: https://plone.org/security/hotfix/20170117
Vendor Contact: security () plone org
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/05/2016
Disclosed to public: 01/26/2017
Release mode: Coordinated Release
CVE: CVE-2016-7147
Credits…

Full Disclosure

QNAP QTS 4.2.x multiple vulnerabilities

February 16, 2017 007admin

Posted by Harry Sintonen on Feb 15

QNAP QTS 4.2.x multiple vulnerabilities
=======================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/qnap-qts-42-multiple-vulnerabilities.txt

Overview
——–

QNAP QTS firmware contain Missing Transport Layer Security (CWE-319),
Improper Certificate Validation (CWE-295), Command Injection (CWE-77),
Cross-Site Scripting (CWE-79) and Information Exposure (CWE-200)
vulnerabilities…

007 Software

Category Archives: Full Disclosure

PDFMate PDF Converter Pro 1.7.5.0 – Buffer Overflow Vulnerability

Telekom Cloud SSO – Multiple Persistent XSS Vulnerabilities

Lithium Forum – (Compose Message) SSRF Vulnerability

Elefant CMS 1.3.12-RC: CSRF

Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS

"long" filenames mishandled by Fujitsu's ScanSnap software

Elefant CMS 1.3.12-RC: Code Execution

Elefant CMS 1.3.12-RC: Code Execution

Plone: XSS

QNAP QTS 4.2.x multiple vulnerabilities

Software and Security Information