Channel: Files from Janek Vind aka waraxe ≈ Packet Storm
Browsing all 25 articles

Joomla 1.5.26 ja_purity Cross Site Scripting

Joomla version 1.5.26 suffers from a cross site scripting vulnerability in the ja_purity template.

Joomla 2.5.4 Cross Site Scripting

Joomla version 2.5.4 suffers from a cross site scripting vulnerability in the administrative sysinfo page.

TorrentTrader 2.08 XSS / Directory Traversal / Bypass

TorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.

Thomson SpeedTouch ST780 Insecure SSL Connection

Thomson SpeedTouch ST780, by design, has mixed content in the DOM during an SSL encapsulated session.

phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion

phpMyBitTorrent version 2.04 suffers from insecure cache handling, remote file disclosure, local file inclusion, and remote SQL injection vulnerabilities.

WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure

WordPress Slideshow plugin versions 2.1.12 and below suffer from cross site scripting and path disclosure vulnerabilities.

WordPress Social Discussions 6.1.1 File Inclusion / Path Disclosure

WordPress Social Discussions plugin version 6.1.1 suffers from local file inclusion, path disclosure, and remote file inclusion vulnerabilities.

WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.

WordPress FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection

WordPress FoxyPress plugin version 0.4.2.5 suffers from cross site request forgery, cross site scripting, path disclosure, remote shell upload, open redirect, and remote SQL injection vulnerabilities.

Zenphoto 1.4.3.3 SQL Injection / Interface Exposure / XSS

Zenphoto version 1.4.3.3 suffers from multiple vulnerabilities including an administrative interface exposure, cross site scripting, file restriction bypass, path disclosure, and remote SQL injection...

PHP-Fusion 7.02.05 XSS / LFI / SQL Injection

PHP-Fusion version 7.02.05 suffers from insecure backup handling, cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.

OpenCart 1.5.5.1 Directory Traversal

OpenCart version 1.5.5.1 suffers from a directory traversal vulnerability.

LibreOffice 4.0.1.2 Update Spoofing

LibreOffice version 4.0.1.2 suffers from an update spoofing vulnerability due to not using a secure channel nor digital signatures.

Royal TS 2.1.5 Update Spoofing

Royal TS version 2.1.5 suffers from an update spoofing vulnerability.

mRemote 1.50 Update Spoofing

mRemote version 1.50 suffers from an update spoofing vulnerability.

phpMyAdmin 3.5.7 Cross Site Scripting

phpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability.

phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite

phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities.

phpMyAdmin Authenticated Remote Code Execution

This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1...

Spider Catalog 1.4.6 Cross Site Scripting / Path Disclosure / SQL Injection

Spider Catalog version 1.4.6 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL...

Spider Event Calendar version 1.3.0 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
