Cure53 - Found vulnerabilities
| # | Description | Level | Affected backends | Affected versions | Status | Comments |
|---|-------------|-------|-------------------|-------------------|--------|----------|
| CLP-01-001 | DOMXSS in Clipperz Bookmarklet via benign HTML Injection | Medium | All | Beta | Won't fix | This vulnerability does not affect data stored on Clipperz and it was already fixed in the /gamma version. Furthermore the bookmarklet won't be part of the upcoming /delta version. |
| CLP-01-002 | Remote Code Execution in PHP Backend | Critical | PHP | Beta/Gamma | Won't fix | PHP and Python backends are clearly stated as suitable only for testing or educational purposes. We'll leave it up to the community to improve them. |
| CLP-01-003 | SQL Injection in PHP Backend | High | PHP | Beta/Gamma | Won't fix | See other PHP/Python only vulnerabilities. |
| CLP-01-004 | Reflective Cross-Site Scripting in PHP Backend | Medium | PHP | Beta/Gamma | Won't fix | See other PHP/Python only vulnerabilities. |
| CLP-01-005 | Local Cross-Site Scripting in PHP Backend | Low | PHP | Beta/Gamma | Won't fix | See other PHP/Python only vulnerabilities. |
| CLP-01-006 | Unauthenticated Data Modification in PHP Backend | Info | PHP | Beta/Gamma | Won't fix | See other PHP/Python only vulnerabilities. |
| CLP-01-007 | Session Fixation in PHP and Python Backend | Low | PHP/Python | Beta/Gamma | Won't fix | See other PHP/Python only vulnerabilities. |
| CLP-01-008 | File Disclosure in Java Backend on Windows | Low | Java+Windows | Beta/Gamma/Delta | Won't fix | The Java backend has always been running on Linux. No plans to change in the future. |
| CLP-01-009 | Unfiltered Street Address Data causes Self-XSS | Medium | All | Beta | Won't fix | It affects only the /beta version that is going to be dismissed soon. Current /gamma version is not affected. |
| CLP-01-010 | Reflection Injection in PHP Backend | Low | PHP | Beta/Gamma | Won't fix | See other PHP/Python only vulnerabilities. |
| CLP-01-011 | Static window.name after Card Creation or Editing | Low | All | All | To be fixed | Unlikely to become an effective attack vector. |
| CLP-01-012 | No ID-Collision check disables Close Button | Low | All | All | Won't fix | See other bookmarklet related vulnerabilities. |
| CLP-01-013 | Information Leakage in PHP Backend | Low | PHP | Beta/Gamma | Won't fix | See other PHP/Python only vulnerabilities. |
| CLP-01-014 | Persistent XSS via Direct Login from Bookmarklet | Critical | All | Beta | Fixed | https://github.com/clipperz/password-manager/commit: ed6b4edc82b0f65c77980713cd525053fcbc1dd2 |
| CLP-01-015 | Persistent XSS on Index Page via Direct Login Favicon | Critical | All | Beta | Fixed | https://github.com/clipperz/password-manager/commit: ed6b4edc82b0f65c77980713cd525053fcbc1dd2 |
| CLP-01-016 | SRP Implementation vulnerable to known Attacks | High | All | All | Fixed | https://github.com/clipperz/password-manager/commit: 7fdb41fa2b1f621636882ad9059c1f3ecfb74083 |
| CLP-01-017 | SRP Authentication Bypass | Critical | All | All | Fixed | Fixed on the private Java backend. commit: 194b742711e3 |
| CLP-01-018 | Weak PRNG in use by Clipperz Crypto-Libraries | Medium | All | All | Partial fix | Included window.crypto.getRandomValues() as a further source of the Fortuna algorithm. |
| CLP-01-019 | Erroneous Code used in SHA Module | Low | All | All | To be fixed | Not exploitable by an attacker. |
| CLP-01-020 | Dead Code used in Clipperz Crypto Modules | Low | All | All | To be fixed | Backward compatibility may arise. |
| CLP-01-021 | AES Block Cipher differs from Standard | Low | All | All | To be fixed | Incrementing the nonce is equivalent to xoring the incremented counter with the nonce. Isn't it? |
| CLP-01-022 | Usage of outdated MochiKit Library | Low | All | All | Fixed | All used MochiKit functions updated to the most recent version. |
| CLP-01-023 | Usage of outdated YUI Library | Low | All | All | To be fixed | Clipperz uses very few functions of an old version of the YUI Library. There are no reports of related vulnerabilities. |
| CLP-01-024 | MitM attack allows execution of Privileged Functions | Medium | All | All | To be fixed | Due to additional restrictions posed by Clipperz design, the confidentiality and integrity of the stored data will not be compromised. |