webEdition version 6.3.8.0 suffers from a path traversal vulnerability.
ec005fe83de7331a8a07d62daabf90f9ab9273ce575f1297e75142a6f7bfd2ae
ClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.
a1a0d60bd1a776a335c6c68257966aad56e2df9f4539b06ada46bc128f8763ac
Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.
6eccdbf0d02ef4c32c64da9928ac0666d213e0a528332a271898fa571fbd3865
WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used.
993efa6dd07b224e9bb5b8fdab33d68bb547334c234e6e0ca083f1086bcc1733
WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
53f460ac91c7d419b8bcb368ddda31921d0dbe302556c55c904f552f999c5396
OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
7ce8f234f3fc7d597b6dee841a59a83f9c72744d959a65c980de8c3c542ca5da
OsClass version 3.4.1 suffers from a local file inclusion vulnerability.
b57ade7f6829462047ddce456aabe66c7c6b4e59dec82158f58d6561c00f9dfb
seafile-server version 3.1.5 suffers from a denial of service vulnerability.
292d4506d9d6653341024ec2cafc303a777f6ba126e5032e2a14512b6d41a1b4
Cart Engine version 3.0 suffers from cross site scripting, open redirection, and remote SQL injection vulnerabilities.
93b97ae25238ea635247cf9b07391c3f2b34639a700fb58a83afc6eb85e142ea
Laravel version 2.1 fails to check length prior to password hash creation allowing for possible hash collisions for secrets over 72 characters.
c326cc304eeacde84a1ea946f533f0c9f4c6ce9cfb4ff9339cbc8e8cbada6457
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via command injection.
18e48e1283c1f7e2061ea8e462d3f9d53674f70eece48f0ad2d5d50a28673365
USB & WiFi Flash Drive version 1.3 suffers from a code execution vulnerability.
5f67a4819878789c4eaf919650741ce0f3db9fe98bf25f5622ecb03ec07b13ab
WordPress Slideshow Gallery plugin version 1.4.6 shell upload exploit.
c99c433d6dd82c7b0776b88fdc07ae76f1b02ea1f79fc372b706050fe5f7185c
OSSEC version 2.8 inherits the user's umask when adding cleartext passwords to the .passlist file instead of setting the permissions explicitly, which allows the file to be world-readable.
0dfee385226e0fb3dc8f32f7d0068e69fcf46238bec5458dfc665b4a601c7e0a
The CM browser suffers from a same-origin bypass vulnerability.
cb90f770b05e8da7d463a807bfd4d9059503a0f35122054dd9d80e1817d37c57
In-Portal CMS versions 5.2.0 and below suffer from cross site scripting and brute forcing vulnerabilities.
e170753396594323bee4e2556fe03110708728dffbab6e52cabc4c2ee30b0a89
ALCASAR versions 2.8.1 and below suffer from a remote code execution vulnerability.
50969539e307aa3836b82e6e37ce5621a9257c22e78102c9e7849b899b4f8b8f
Briefcase version 4.0 suffers from code execution and local file inclusion vulnerabilities.
ee4769ddc3ccb478d6f4b3846b15011421dba91117c82dee9377af11ba04b175
Aztech DSL5018EN, DSL705E, and DSL705EU ADSL modems/routers suffer from broken session management, denial of service, file exposure, and parameter tampering vulnerabilities.
f6d378232da2f6443ab2049ec99245e887f6a80eb6f0844fa10661d9cbd6ca5d
Damn Vulnerable Web Application, which is meant to be a vulnerable web application for security testing, can be leveraged by attackers to compromise your system when in use. This is a good reminder to only use DVWA on an air-gapped network. This exploit demonstrates the ability to gain code execution on the system.
75399c599af8214d734313a75983c0648c16b80932511c55319919111ea07883
Splendid CRM suffers from a persistent cross site scripting vulnerability.
f3ec24f1b0f8a6f48890014674c1fdd67559525020cc9f604e6360fa1ef742aa
MyITCRM suffers from a persistent cross site scripting vulnerability.
501a32b63637e9bf017927195b228d103c1cebf55f57955460fab48cc9193829
Rooted SSH/SFTP Daemon installs with static default root credentials and does not prompt the user to change them.
04c4d92a411b17314d846f4d2d72d2c504c386afce4fbd9c2181d3687821c1dc
Joomla Spider Form Maker versions 3.4 and below suffer from a remote SQL injection vulnerability.
5c25d9bbb458923098a56f057354dcfed35e345f3b132afb9cfcd72b197098bc
Food Order Portal version 8.3 suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.
1ea1544a5ebc5aaffe39261af2fcca694eb003fcf7092e12495bbea16b10c3d5