4 TOTOLINK router models are backdoored with hardcoded credentials.
9ca4b52af2e1f01e95d564008e9b6c31d1c43d2dd18ac9b2367ff9593944b5754 TOTOLINK router models suffer from cross site request forgery and cross site scripting vulnerabilities.
ee42e57cb222a8571eb397cc642d24092fc7b9ce794c4736e98942a28f40d66a15 TOTOLINK router models are vulnerable to multiple remote command execution vulnerabilities.
d072f0831923e919022e8fbd4d7bd9357586f76c8cc3e511d592af9cd3edea96WordPress Download Manager Free version 2.7.94 and Pro version 4 suffer from a persistent cross site scripting vulnerability.
0309ec8cd7dbe37e81c6995f0bb31b5a363fb77bdd24d0b90bc2454f50653838phpVibe versions prior to 4.20 suffer from a persistent cross site scripting vulnerability.
99a7c3ccb97289e5e90665ab5b974a718b5252267a0ac9fee73c005731d233142 crash proof of concept exploits for Internet Download Manager.
5db31f347809c02dd4958a966daa63a1b1af5ffea1857474dbd4213d06bd7703WordPress BuddyPress Activity Plus plugin version 1.5 suffers from cross site request forgery and arbitrary file deletion vulnerabilities.
61aad3a7f270847cbbf9e3c63259099d37595b528db86f197368bc0673bdaad6GetSimpleCMS version 3.3.5 suffers from weak authentication, password leak, code execution, cross site scripting, and denial of service vulnerabilities.
9e524b7da4c827b7782b84debb83677baaca15fd0aaa97f53ec59a867d8bd0c7SPBAS suffers from a price augmentation vulnerability when sending users through Paypal.
99806278509709f3a62a33045db92b1a40aed0b5ef8fc39d9d337862cd0c996dWordPress Subscribe to Comments plugin version 2.1.2 suffers from code execution and local file inclusion vulnerabilities.
4c5f361d4f71da927a1ede8b63f1aebbdf421dbdd9ffd77d4020a51acdca545bWordPress WP Attachment Export plugin version 0.2.3 suffers from an arbitrary file download vulnerability.
9a85df012d25d9b1b45171c582fc339bdd7bb368f32d4d395882bec6755b8998WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability.
f5dbd9b328b410e55ced6b1b19e5fa2738b42682e045d966972cc9e7585402e1Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities.
2035df9be9103e5e7731bca557187aa16e61e414a6b55770d4e589c8c6d8cbbfKaseya Virtual System Administrator suffers from arbitrary file download open redirection vulnerabilities.
8f81d492c8f92ef800d091dc7a9b9b4e65c6a0776aa789f26d9207772f0843d5PFSense version 2.2.2 suffers from a cross site scripting vulnerability.
b41b9c68576f0be0722976059ed088c83310cca21a4d01f12703068087ad1bccArticleFR version 3.0.6 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
fc4cceecf98e26b34c3709337914564c092fc67141584a9307de989d67ef1162ArticleFR suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter 'name' in Categories, POST parameters 'title' and 'rel' in Links and GET parameter 'url' in PingServers module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.6 is affected.
97577b9ace469f43b13d8ce2548ca3144fe75dccb6067e8bf74ca67d2b2dbe4fWordPress Plotly plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
8c8ecc962a319c7bfa3171c85e8bd93531f424c4f1101eaddd89bbe50f29c468Pimcore CMS build 3450 suffers from a remote SQL injection vulnerability.
f7b0a644408b713c75a3b2b6813d047888f1cc7dda004eb2ff27ab376715fb66phpVibe version 4.0 suffers from an arbitrary file disclosure vulnerability.
872cb632d10ee1d392d46059c45f959ef8b2d1c387db7d3980d10e5df1f17249Pimcore CMS build 3450 suffers from an issues where it is possible for an administrative user with the 'assets' permission to overwrite system configuration files via exploiting a directory traversal vulnerability.
ab88a54c96cee261f04972545556b484aa577fdfae39c4f1a28989afe29b7997The WordPress Eventbrite Tickets plugin from The Events Calendar version 3.9.6 suffers from a cross site scripting vulnerability.
9d007e52a0aca85109b108602e13c60f95a5b63d24894f873375bcaaa6a3c02fFreiChat version 9.6 suffers from a remote SQL injection vulnerability.
340c717fd761abf304ec7c246e204eb9f11ad8a6f4c06aabb383e69a76994e3asysPass versions 1.0.9 and below suffer from a remote SQL injection vulnerability.
6b3b7dbe62538e63e5bf0114ba91c34d647ba966aa039a58a9ad1fad1a067addWordPress WP-PowerPlayGallery plugin version 3.3 suffers from remote file upload and remote SQL injection vulnerabilities.
9f8d10108d02ae3286eb0f5ff0f4e6c51b291455c43a4e920c4dd937fcc5c9a4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed