Tag: ITAS TEAM

ITAS Security Team has found several security gaps in Open edX. Open edX is an online education system developed by Harvard and MIT in 2012. It is used by many international organizations, including Microsoft, IBM, Harvard University, and Stanford University. During our security testing for clients using the ...
April 18, 2019 | admin

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. ...
December 12, 2018 | admin

ITAS Team has just found a Cross-Site Scripting vulnerability in Zeuscart CMS. ITAS Team recommends that any individual or company using this CMS take note and fix it as soon as possible.
1. Vulnerability information:
– Vulnerability: Cross-Site Scripting
– Vendor: http://www.zeuscart.com
– Download link: http://zeuscart.com/download/
– Affected version: Zeuscart V4
– CVSS v3.0 ...
December 10, 2018 | admin

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. ...
December 10, 2018 | admin

ITAS Team found a SQL Injection vulnerability in ProjectSend r561. The issue is due to incorrect use of the function that sanitizes user-supplied input data from the ‘id’ parameter. This may allow remote attackers to execute arbitrary SQL commands via that parameter. Individuals and organizations using this should note and give the ...
December 10, 2018 | admin

ITAS Team found multiple SQL Injection vulnerabilities in Sefrengo CMS v1.6.1. The issues are due to some scripts not properly sanitizing user-supplied input data. These SQL injection vulnerabilities allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote ...
December 10, 2018 | admin

ITAS Team found a SQL Injection vulnerability in articleFR CMS. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow remote attackers to execute arbitrary SQL commands via that parameter… Individuals and organizations using this CMS should note and give the solution to ...
December 10, 2018 | admin

ITAS Team found an Arbitrary File Upload vulnerability in articleFR CMS. Vulnerabilities related to the upload of unexpected file types are unique in that the upload should quickly reject a file if it does not have a specific extension. Additionally, this is different from uploading malicious files in that ...
December 10, 2018 | admin

ITAS Team found a SQL Injection vulnerability in Redaxscript 2.2.0 CMS. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow remote attackers to execute arbitrary SQL commands via that parameter. Individuals and organizations using this should update to the latest patch Redaxscript ...
December 10, 2018 | admin

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. ...
December 10, 2018 | admin