darksecurity.de | Entries tagged as saarland

SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities

Posted by Stefan Schurtz on Wednesday, January 8. 2014

^Advisory:	Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID:	SSCHADV2014-001
Author:	Stefan Schurtz
Affected Software:	Successfully tested on WP-Members Version 2.8.9
Vendor URL:	http://wordpress.org/plugins/wp-members/
Vendor Status:	fixed

======================
Vulnerability Description
======================

The Wordpress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities

Continue reading "SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities"

[Video] - SSCHADV2013-009 - store.apple.com - DOM based Cross-site Scripting vulnerability

Posted by Stefan Schurtz on Tuesday, June 11. 2013

Here is a video for my advisory "SSCHADV2013-009 – store.apple.com – DOM based Cross-site Scripting vulnerability"

And here is a link to the video on youtube: http://youtu.be/qlTZD3ri_wU

Enjoy yourself!

SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga

Posted by on Saturday, March 12. 2011

Advisory:	Cross-Site Scripting vulnerability in Icinga
Advisory ID:	SSCHADV2011-003
Author:	Stefan Schurtz
Affected Software:	Successfully tested on: icinga-1.3.0 / icinga-1.2.1
Vendor URL:	http://www.icinga.org
Vendor Status:	statusmap.cgi: fixed XSS vulnerability #1281 Target version set to 1.4
OSVDB-ID:	71052

======================
Vulnerability Description:
======================

This is a Cross-Site Scripting vulnerability

JavaScript can be included in style sheets by using "expression()" (IE only)

==============
Technical Details:
==============

Continue reading "SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga"

SSCHADV2011-002 - Cross-Site Scripting vulnerability in Nagios

Posted by Stefan Schurtz on Wednesday, March 9. 2011

Advisory:	Cross-Site Scripting vulnerability in Nagios
Advisory ID:	SSCHADV2011-002
Author:	Stefan Schurtz
Affected Software:	Successfully tested on: nagios-3.2.0 / nagios-3.2.3
Vendor URL:	http://www.nagios.org
Vendor Status:	fixed
CVE-ID:	2011-1523
OSVDB-ID:	71059

======================
Vulnerability Description:
======================

This is a Cross-Site Scripting vulnerability

JavaScript can be included in style sheets by using "expression()" (IE only)

==============
Technical Details:
==============

Continue reading "SSCHADV2011-002 - Cross-Site Scripting vulnerability in Nagios"

SSCHADV2011-001 - Cross-Site Scripting vulnerabilities in Icinga

Posted by Stefan Schurtz on Monday, March 7. 2011

Advisory:	Cross-Site Scripting vulnerabilities in Icinga
Advisory ID:	SSCHADV2011-001
Author:	Stefan Schurtz
Affected Software:	Successfully tested on icinga-1.3.0 / icinga-1.2.1
Vendor URL:	http://www.icinga.org
Vendor Status:	fixed csv export link to make it XSS save (IE) #1275
OSVDB-ID:	71050

======================
Vulnerability Description:
======================

This is Cross-Site Scripting vulnerability

==============
Technical Details:
==============

Continue reading "SSCHADV2011-001 - Cross-Site Scripting vulnerabilities in Icinga"

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	June '23
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30