[FD] Stored XSS in 4images <= v1.7.11

2015-09-25 Thread Manuel Garcia Cardenas
MGC ALERT 2015-001 - Original release date: September 08, 2015 - Last revised: September 24, 2015 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - I. VULNERABILITY

[FD] Blind SQL Injection in admin panel PHP-Fusion <= v7.02.07

2015-10-05 Thread Manuel Garcia Cardenas
and reported by Manuel García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - September 18, 2015 1: Initial release October 10, 2015 2: Revision to send to lists XI. DISCLOSURE TIMELINE - September 18, 2015 1: Vulnerability acquired by Man

[FD] Time-based SQL Injection in Admin panel UliCMS <= v9.8.1

2016-02-03 Thread Manuel Garcia Cardenas
n discovered and reported by Manuel García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - January 26, 2016 1: Initial release February 02, 2015 2: Revision to send to lists XI. DISCLOSURE TIMELINE - January 26, 2016 1: Vulnerability acquired by Manuel

[FD] Time-based SQL Injection in Admin panel ImpressCMS <= v1.3.9

2016-04-21 Thread Manuel Garcia Cardenas
ot) com). X. REVISION HISTORY - April 8, 2016 1: Initial release April 21, 2016 2: Revision to send to lists XI. DISCLOSURE TIMELINE - April 8, 2016 1: Vulnerability acquired by Manuel Garcia Cardenas April 8, 2016 2: Send to vendor April 15, 2016 3:

[FD] XSS in CMSimple <= v4.6.2

2016-06-01 Thread Manuel Garcia Cardenas
MGC ALERT 2016-004 - Original release date: May 28, 2016 - Last revised: June 1, 2016 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - I. VULNERABILITY

[FD] Blind SQL Injection PivotX <= v2.3.11

2016-07-15 Thread Manuel Garcia Cardenas
by Manuel García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - April 14, 2016 1: Initial release April 22, 2016 2: Revision to send to lists XI. DISCLOSURE TIMELINE - April 14, 2016 1: Vulnerability acquired by Manuel Garcia Car

[FD] Blind SQL Injection in Exponent CMS <= v2.3.9

2016-09-20 Thread Manuel Garcia Cardenas
ec (at) gmail (dot) com). X. REVISION HISTORY - September 09, 2016 1: Initial release September 20, 2016 2: Revision to send to lists XI. DISCLOSURE TIMELINE - September 09, 2016 1: Vulnerability acquired by Manuel Garcia Cardenas September 09, 2016 2: Send to vendor September

[FD] Reflected XSS in WonderCMS <= v0.9.8

2016-11-22 Thread Manuel Garcia Cardenas
MGC ALERT 2016-006 - Original release date: Nov 16, 2016 - Last revised: Nov 21, 2016 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - I. VULNERABILITY

[FD] WordPress Plugin Easy Table 1.6 - Persistent Cross-Site Scripting

2017-02-14 Thread Manuel Garcia Cardenas
MGC ALERT 2017-001 - Original release date: Feb 07, 2017 - Last revised: Feb 12, 2017 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - I. VULNERABILITY

[FD] WordPress Plugin Kama Click Counter 3.4.9 - Blind SQL Injection

2017-02-27 Thread Manuel Garcia Cardenas
ITS - This vulnerability has been discovered and reported by Manuel García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - February 21, 2017 1: Initial release February 28, 2017 2: Revision to send to lists XI. DISCLOSURE TIMELINE

[FD] Piwigo <= v2.6.0 - Blind SQL Injection

2014-11-12 Thread Manuel Garcia Cardenas
This vulnerability has been discovered and reported by Manuel García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - January 21, 2014 1: Initial release XI. DISCLOSURE TIMELINE - January 21, 2014 1: Vulnerability acquired

[FD] Reflected XSS in Nibbleblog <= v4.0.1

2014-11-17 Thread Manuel Garcia Cardenas
MGC ALERT 2014-002 - Original release date: March 5, 2014 - Last revised: November 17, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - I. VULNERABILITY

[FD] XOOPS <= 2.5.6 - Blind SQL Injection

2014-11-17 Thread Manuel Garcia Cardenas
MGC ALERT 2014-003 - Original release date: March 6, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 7,1/10 (CVSS Base Score) - I. VULNERABILITY

[FD] WebsiteBaker <=2.8.3 - Multiple Vulnerabilities

2014-11-17 Thread Manuel Garcia Cardenas
MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 (CVSS Base Score) - I. VULNERABILITY

[FD] Zoph <= 0.9.1 - Multiple Vulnerabilities

2014-11-17 Thread Manuel Garcia Cardenas
MGC ALERT 2014-005 - Original release date: March 5, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 (CVSS Base Score) - I. VULNERABILITY

[FD] WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection

2017-04-09 Thread Manuel Garcia Cardenas
his vulnerability has been discovered and reported by Manuel García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - April 06, 2017 1: Initial release April 10, 2017 2: Revision to send to lists XI. DISCLOSURE TIMELINE - April 06, 2017 1: Vulnerability ac

[FD] SQL Injection in TheoCMS <= 2.0

2017-08-11 Thread Manuel Garcia Cardenas
idsec (at) gmail (dot) com). X. REVISION HISTORY - July 11, 2017 1: Initial release August 12, 2017 2: Revision to send to lists XI. DISCLOSURE TIMELINE - July 11, 2017 1: Vulnerability acquired by Manuel Garcia Cardenas July 11, 2017 2: Send to vendor July

[FD] Backdrop CMS <= 1.7.1 - Persistent Cross-Site Scripting

2017-08-22 Thread Manuel Garcia Cardenas
MGC ALERT 2017-005 - Original release date: July 11, 2017 - Last revised: August 18, 2017 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - I. VULNERABILITY

[FD] WordPress Plugin Responsive Image Gallery 1.1.8 - SQL Injection

2017-09-22 Thread Manuel Garcia Cardenas
This vulnerability has been discovered and reported by Manuel García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - September 01, 2017 1: Initial release September 25, 2017 2: Revision to send to lists XI. DISCLOSURE TIMELINE

[FD] SyncBreeze <= 10.2.12 - Denial of Service

2017-12-15 Thread Manuel Garcia Cardenas
ported by Manuel García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - November 30, 2017 1: Initial release December 14, 2017 2: Revision to send to lists XI. DISCLOSURE TIMELINE - November 30, 2017 1: Vulnerability acquired by Manue

[FD] PyroBatchFTP <= 3.18 - Local Buffer Overflow (SEH)

2018-01-13 Thread Manuel Garcia Cardenas
García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - December 22, 2017 1: Initial release January 12, 2018 2: Revision to send to lists XI. DISCLOSURE TIMELINE - December 22, 2017 1: Vulnerability acquired by Manuel Garcia Cardenas December 22, 20

[FD] SQL Injection in Textpattern <= 4.6.2

2018-03-13 Thread Manuel Garcia Cardenas
t) com). X. REVISION HISTORY - February 12, 2018 1: Initial release March 12, 2018 2: Revision to send to lists XI. DISCLOSURE TIMELINE - February 12, 2018 1: Vulnerability acquired by Manuel Garcia Cardenas February 12, 2018 2: Send to vendor without

[FD] Kodi <= 17.6 - Persistent Cross-Site Scripting

2018-04-17 Thread Manuel Garcia Cardenas
MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - CVE-ID: CVE-2018-8831 - I

[FD] WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection

2018-06-14 Thread Manuel Garcia Cardenas
gmail (dot) com). X. REVISION HISTORY - May 10, 2018 1: Initial release June 11, 2018 2: Revision to send to lists XI. DISCLOSURE TIMELINE - May 10, 2018 1: Vulnerability acquired by Manuel Garcia Cardenas May 10, 2018 2: Send to vendor without res

[FD] WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion

2018-09-20 Thread Manuel Garcia Cardenas
- August 31, 2018 1: Initial release September 19, 2018 2: Revision to send to lists XI. DISCLOSURE TIMELINE - August 31, 2018 1: Vulnerability acquired by Manuel Garcia Cardenas August 31, 2018 2: Email to vendor without response September 10, 2018

[FD] WordPress Plugin Localize My Post 1.0 - Local File Inclusion

2018-09-20 Thread Manuel Garcia Cardenas
and reported by Manuel García Cárdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY - August 31, 2018 1: Initial release September 19, 2018 2: Revision to send to lists XI. DISCLOSURE TIMELINE - August 31, 2018 1: Vulnerability acquired by Manuel

[FD] WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

2019-03-16 Thread Manuel Garcia Cardenas
ts XI. DISCLOSURE TIMELINE - February 06, 2019 1: Vulnerability acquired by Manuel Garcia Cardenas February 06, 2019 2: Email to vendor without response February 21, 2019 3: Second email to vendor without response March 13, 2019 4: Send to the Full-Disclosure lists XII. LEGAL NOTICES

[FD] CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting

2019-05-24 Thread Manuel Garcia Cardenas
MGC ALERT 2019-002 - Original release date: April 10, 2019 - Last revised: May 22, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - CVE-ID: CVE-2019-11226 - I

[FD] phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery

2019-09-13 Thread Manuel Garcia Cardenas
MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 (CVSS Base Score) - CVE-ID: CVE-2019-12922 - I

[FD] Composr CMS 10.0.30 - (Authenticated) Cross-Site Scripting

2020-05-22 Thread Manuel Garcia Cardenas
MGC ALERT 2020-001 - Original release date: February 06, 2020 - Last revised: May 21, 2020 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - CVE-ID: CVE-2020-8789 - I