4 TOTOLINK router models are backdoored with hardcoded credentials.
9ca4b52af2e1f01e95d564008e9b6c31d1c43d2dd18ac9b2367ff9593944b575
4 TOTOLINK router models suffer from cross site request forgery and cross site scripting vulnerabilities.
ee42e57cb222a8571eb397cc642d24092fc7b9ce794c4736e98942a28f40d66a
15 TOTOLINK router models are vulnerable to multiple remote command execution vulnerabilities.
d072f0831923e919022e8fbd4d7bd9357586f76c8cc3e511d592af9cd3edea96
WordPress Download Manager Free version 2.7.94 and Pro version 4 suffer from a persistent cross site scripting vulnerability.
0309ec8cd7dbe37e81c6995f0bb31b5a363fb77bdd24d0b90bc2454f50653838
phpVibe versions prior to 4.20 suffer from a persistent cross site scripting vulnerability.
99a7c3ccb97289e5e90665ab5b974a718b5252267a0ac9fee73c005731d23314
2 crash proof of concept exploits for Internet Download Manager.
5db31f347809c02dd4958a966daa63a1b1af5ffea1857474dbd4213d06bd7703
WordPress BuddyPress Activity Plus plugin version 1.5 suffers from cross site request forgery and arbitrary file deletion vulnerabilities.
61aad3a7f270847cbbf9e3c63259099d37595b528db86f197368bc0673bdaad6
GetSimpleCMS version 3.3.5 suffers from weak authentication, password leak, code execution, cross site scripting, and denial of service vulnerabilities.
9e524b7da4c827b7782b84debb83677baaca15fd0aaa97f53ec59a867d8bd0c7
SPBAS suffers from a price augmentation vulnerability when sending users through PayPal.
99806278509709f3a62a33045db92b1a40aed0b5ef8fc39d9d337862cd0c996d
WordPress Subscribe to Comments plugin version 2.1.2 suffers from code execution and local file inclusion vulnerabilities.
4c5f361d4f71da927a1ede8b63f1aebbdf421dbdd9ffd77d4020a51acdca545b
WordPress WP Attachment Export plugin version 0.2.3 suffers from an arbitrary file download vulnerability.
9a85df012d25d9b1b45171c582fc339bdd7bb368f32d4d395882bec6755b8998
WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability.
f5dbd9b328b410e55ced6b1b19e5fa2738b42682e045d966972cc9e7585402e1
Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities.
2035df9be9103e5e7731bca557187aa16e61e414a6b55770d4e589c8c6d8cbbf
Kaseya Virtual System Administrator suffers from arbitrary file download and open redirection vulnerabilities.
8f81d492c8f92ef800d091dc7a9b9b4e65c6a0776aa789f26d9207772f0843d5
pfSense version 2.2.2 suffers from a cross site scripting vulnerability.
b41b9c68576f0be0722976059ed088c83310cca21a4d01f12703068087ad1bcc
ArticleFR version 3.0.6 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
fc4cceecf98e26b34c3709337914564c092fc67141584a9307de989d67ef1162
ArticleFR suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter 'name' in Categories, POST parameters 'title' and 'rel' in Links and GET parameter 'url' in PingServers module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.6 is affected.
97577b9ace469f43b13d8ce2548ca3144fe75dccb6067e8bf74ca67d2b2dbe4f
WordPress Plotly plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
8c8ecc962a319c7bfa3171c85e8bd93531f424c4f1101eaddd89bbe50f29c468
Pimcore CMS build 3450 suffers from a remote SQL injection vulnerability.
f7b0a644408b713c75a3b2b6813d047888f1cc7dda004eb2ff27ab376715fb66
phpVibe version 4.0 suffers from an arbitrary file disclosure vulnerability.
872cb632d10ee1d392d46059c45f959ef8b2d1c387db7d3980d10e5df1f17249
Pimcore CMS build 3450 suffers from an issue where it is possible for an administrative user with the 'assets' permission to overwrite system configuration files by exploiting a directory traversal vulnerability.
ab88a54c96cee261f04972545556b484aa577fdfae39c4f1a28989afe29b7997
The WordPress Eventbrite Tickets plugin from The Events Calendar version 3.9.6 suffers from a cross site scripting vulnerability.
9d007e52a0aca85109b108602e13c60f95a5b63d24894f873375bcaaa6a3c02f
FreiChat version 9.6 suffers from a remote SQL injection vulnerability.
340c717fd761abf304ec7c246e204eb9f11ad8a6f4c06aabb383e69a76994e3a
sysPass versions 1.0.9 and below suffer from a remote SQL injection vulnerability.
6b3b7dbe62538e63e5bf0114ba91c34d647ba966aa039a58a9ad1fad1a067add
WordPress WP-PowerPlayGallery plugin version 3.3 suffers from remote file upload and remote SQL injection vulnerabilities.
9f8d10108d02ae3286eb0f5ff0f4e6c51b291455c43a4e920c4dd937fcc5c9a4