Re: [FD] SQLiteManager 1.2.4: Multiple XSS

2015-11-10 Thread Henri Salo
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Nov 03, 2015 at 12:06:20PM +0100, Curesec Research Team (CRT) wrote:
> SQLiteManager 1.2.4: Multiple XSS
> http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&function=";>alert(1)
> http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&table=

[FD] Joomla CMS - Bad Cryptography - Multiple Vulnerabilities

2015-11-10 Thread Scott Arciszewski
Hi OSS-Sec, Full Disclosure, MITRE, and friends, I spent roughly half an hour looking at Joomla (and picking up my jaw from the floor at how bad their crypto is), and this is what I found: https://github.com/joomla/joomla-cms/issues/created_by/paragonie-scott It seems to hit the jackpot at "bad

[FD] TestLink 1.9.14 CSRF Vulnerability

2015-11-10 Thread Aravind
Information
Name: CSRF Vulnerability in TestLink 1.9.14
Affected Software: TestLink
Affected Versions: 1.9.14 and possibly below
Vendor Homepage: http://testlink.org/
Severity: High
Status: Fixed
Vulnerability Type: Cross Site Re

[FD] TestLink 1.9.14 Persistent XSS

2015-11-10 Thread Aravind
Information
Name: Persistent XSS Vulnerability in TestLink 1.9.14
Affected Software: TestLink
Affected Versions: 1.9.14 and possibly below
Vendor Homepage: http://testlink.org/
Severity: High
Status: Fixed
Vulnerability Type: Per