Tag: ITAS

10

Dec2018
ITAS Team has just found out a Cross-Site Scripting vulnerability in Zeuscard CMS. ITAS Team recommend that any individual or company is using this CMS should note and fix as soon as posible. 1. Vulnerability information: – Vulnerability: Cross-Site Scripting – Vendor: http://www.zeuscart.com – Download link: http://zeuscart.com/download/ – Affected version: Zeuscart V4 – CVSS v3.0 ... Read More
December 10, 2018admin

10

Dec2018
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. ... Read More
December 10, 2018admin

10

Dec2018
ITAS Team found out a SQL Injection vulnerability in ProjectSend r561. The issue is due to using the function to sanitize user-supplied input-data from ‘id’ parameter incorrectly. This may allows remote attackers to execute arbitrary SQL commands via that parameter. Individuals and organizations are using this should note and give the ... Read More
December 10, 2018admin

10

Dec2018
ITAS Team found out multiple SQL Injection vulnerabilities in Sefrengo CMS v1.6.1. The issues are due to the some scripts not properly sanitizing user-supplied input-data. These SQL injection vulnerabilities allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote ... Read More
December 10, 2018admin

10

Dec2018
ITAS Team found out a SQL Injection vulnerability in articleFR CMS. The issue is due to the some scripts not properly sanitizing user-supplied input-data. This may allows remote attackers to execute arbitrary SQL commands via that parameter… Individuals and organizations are using this CMS should note and give the solution to ... Read More
December 10, 2018admin

10

Dec2018
ITAS Team found out a Arbitrary File Upload vulnerability in articleFR CMS. Vulnerabilities related to the upload of unexpected file types is unique in that the upload should quickly reject a file if it does not have a specific extension. Additionally, this is different from uploading malicious files in that ... Read More
December 10, 2018admin

10

Dec2018
ITAS Team found out a SQL Injection vulnerability in Redaxscript 2.2.0 CMS . The issue is due to the some scripts not properly sanitizing user-supplied input-data. This may allows remote attackers to execute arbitrary SQL commands via that parameter. Individuals and organizations are using this should update the latest patch Redaxscript ... Read More
December 10, 2018admin

10

Dec2018
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. ... Read More
December 10, 2018admin

10

Dec2018
ITAS Team found out a SQL Injection vulnerability in Microweber CMS. The issue is due to the some scripts not properly sanitizing user-supplied input-data. This may allows remote attackers to execute arbitrary SQL commands via that parameter… Individuals and organizations are using this CMS should update the latest patch (version 0.95 ... Read More
December 10, 2018admin

10

Dec2018
ITAS Team discovered multiple SQL Injection vulnerabilities in PBBoard CMS. The issue is due to the some scripts not properly sanitizing user-supplied input-data. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data… Individuals and organizations ... Read More
December 10, 2018admin