Security Advisories


PHPMyFAQ SQL Injection vulnerability

PHPMyFAQ version 2.8.12 and earlier contains a SQL injection vulnerability through the restore function. This functionality can only be executed by an admin or other users with special permissions.

Version: 2.8.12 and earlier
CVE: CVE-2014-6045
Published: September, 16th 2014
First Published: September, 16th 2014
Last Updated: September, 16th 2014
Credit: Nikhil Srivastava from Techdefencelabs Team

PHPMyFAQ multiple CSRF vulnerabilities

PHPMyFAQ version 2.8.12 and earlier contains multiple CSRF vulnerabilities:

  • The "delete user" functionality contains a CSRF vulnerability because the CSRF token is not validated properly. An attacker can delete any active user.
  • An attacker can delete any open question through another CSRF vulnerability because of the lack of a CSRF token.
  • An attacker can activate any user due to the lack of a CSRF token.
  • An attacker can publish the FAQs due to the lack of a CSRF token.
  • An attacker can add and delete Glossary entries due to the lack of a CSRF token.
  • An attacker can add and delete FAQ news due to the lack of a CSRF token.
  • An attacker can add and delete comments and even add votes due to the lack of CSRF tokens.

Version: 2.8.12 and earlier
CVE: CVE-2014-6046
Published: September, 16th 2014
First Published: September, 16th 2014
Last Updated: September, 16th 2014
Credit: Nikhil Srivastava from Techdefencelabs Team

PHPMyFAQ Incorrect enforcement of privilege restrictions

PHPMyFAQ version 2.8.12 and earlier contains incorrect enforcement of privilege restrictions. The check on "download an attachment" permissions is not working properly. A user who has the 'Right to add attachments' and 'Right to delete attachments' privileges but not the 'right to download the attachments' privilege can still download attachments.

Version: 2.8.12 and earlier
CVE: CVE-2014-6047
Published: September, 16th 2014
First Published: September, 16th 2014
Last Updated: September, 16th 2014
Credit: Nikhil Srivastava from Techdefencelabs Team

PHPMyFAQ Direct request to the URL of an attachment

PHPMyFAQ version 2.8.12 and earlier is vulnerable to a direct request to the URL of an attachment. The check on "download an attachment" permissions is not working correctly, so anyone can download attachments.

Version: 2.8.12 and earlier
CVE: CVE-2014-6048
Published: September, 16th 2014
First Published: September, 16th 2014
Last Updated: September, 16th 2014
Credit: Nikhil Srivastava from Techdefencelabs Team

PHPMyFAQ Insecure direct object reference vulnerability

PHPMyFAQ version 2.8.12 and earlier contains an insecure direct object reference vulnerability. An admin has the privilege to delete any FAQ multi-site master instance.

Version: 2.8.12 and earlier
CVE: CVE-2014-6049
Published: September, 16th 2014
First Published: September, 16th 2014
Last Updated: September, 16th 2014
Credit: Nikhil Srivastava from Techdefencelabs Team

PHPMyFAQ Insecure captcha implementation

PHPMyFAQ version 2.8.12 and earlier contains an improper CAPTCHA implementation; as a result, an attacker can replay the request to bypass the CAPTCHA protections on forms.

Version: 2.8.12 and earlier
CVE: CVE-2014-6050
Published: September, 16th 2014
First Published: September, 16th 2014
Last Updated: September, 16th 2014
Credit: Nikhil Srivastava from Techdefencelabs Team

WordPress plugin wordfence security cross-site scripting vulnerability

WordPress plugin Wordfence Security version 5.1.4 and possibly earlier versions contain a cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the vulnerable query string parameter val of the whois.php file.

Version: 5.1.4
CVE: CVE-2014-4932
Published: July, 11th 2014
First Published: July, 5th 2014
Last Updated: July, 11th 2014
Credit: Nikhil Srivastava from Techdefencelabs Team

CS-Cart multiple cross-site scripting vulnerabilities

CS-Cart version 4.0.2 and possibly earlier versions contain cross-site scripting (XSS) vulnerabilities. An attacker can inject arbitrary script via the vulnerable query string parameters settings_file and data_file of the ampie.swf, amline.swf, or amcolumn.swf files.

Version: 4.0.2
CVE: CVE-2013-7317
Published: January, 20th 2013
First Published: January, 23rd 2013
Last Updated: January, 28th 2013
Credit: Nikhil Srivastava from Techdefencelabs Team

Tiki Wiki CMS Groupware cross-site scripting vulnerabilities

Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the vulnerable query string parameter id of the ZeroClipboard.swf file.

Version: 11.0
CVE: CVE-2013-6022
Published: October, 31st 2013
First Published: October, 31st 2013
Last Updated: October, 31st 2013
Credit: Nikhil Srivastava from Techdefencelabs Team

Cube-cart Shopping-Cart Cross Site Scripting vulnerabilities

Cube-cart version 5.2.3 and possibly earlier versions contain a cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the vulnerable query string parameter data-file of the open-flash-chart.swf.

Version: 5.2.3
CVE: CVE-2011-4550
Published: October, 8th 2013
First Published: October, 8th 2013
Last Updated: October, 8th 2013
Credit: Nikhil Srivastava from Techdefencelabs Team

WordPress ‘Oscar’ Cross Site Scripting vulnerabilities

The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm, .html and .swf files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file with author level privilege.

Version: 3.6
CVE: CVE-2013-5738
Published: September, 14th 2013
First Published: September, 17th 2013
Last Updated: September, 17th 2013
Credit: Nikhil Srivastava from Techdefencelabs Team