Magento suffers from product attribute information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
d73101b6b0b0b0f02a6ec88ff295af50Magento suffers from downloadable product information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
f77d1da16377bd36480710245f667fb2Magento Backups suffer from a cross site request forgery vulnerability. Versions affected include Magento Open Source prior to 1.9.3.8, Magento Commerce prior to 1.14.3.8, Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
0adaddcd0d7b534ec114223d7660feb1Magento suffers from user information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
91c1b88ab3d81c67800e22cebc73902ePureVPN versions 5.19.4.0 and below suffer from a privilege escalation vulnerability.
bc09db910165ef220d5ab399ca475c2dSugarCRM Community Edition versions 6.5.26 and below suffer from multiple remote SQL injection vulnerabilities.
2ab4e697942a1f1e39de181287dee068WordPress Testimonial Slider plugin versions 1.2.4 and below suffer from a remote SQL injection vulnerability.
171fbf4af364b138825c12c2a1ba6464WordPress Smooth Slider plugin versions 2.8.6 and below suffer from a remote SQL injection vulnerability.
3ca8963a8f503e09a95c667231a768d8WordPress Dbox 3D Slide Lite plugin versions 1.2.2 and below suffer from multiple remote SQL injection vulnerabilities.
396bea3f46a47c839564e82ee3df2688WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.
fd4e207ff9fc3d6be29efbcdeb30fa9eWordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.
89af3a8114d77b162a390a6d6b1874e9WordPress Top-10 plugin versions 2.4.2 and below suffer from a remote SQL injection vulnerability.
ee588dbd58069595df55af0f7982b6d0WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.
a02c1bb177145fdea032f28a60278396WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.
80eca9af5e5ecacd33c8d526809fd7a8During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
b8e9abcbfbba8f6e6349871a393da400During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
6fac5f12b988c5d618dd41e90f4d5591WordPress Podlove Podcast Publisher plugin versions 2.5.3 and below suffer from a remote SQL injection vulnerability.
7644c1e718ad96e70260bb88694784a8WordPress PressForward plugin versions 4.3.0 and below suffer from a cross site scripting vulnerability.
c1bc43011a404f94f827c88a862b2af5WordPress Easy Modal plugin versions 2.0.17 and below suffer multiple remote SQL injection vulnerabilities.
542c9307580448eb3f35d4186895bd12IBM Informix DB-Access utility is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. The vulnerability is triggered by providing an overly long file parameter value inside a LOAD statement, which is used to insert data from an operating-system file into an existing table or view. Version 12.10 is affected.
a6b494ac98eda0f50077d89e22e9c8cfIBM DB2 versions 9.7, 10.1, 10.5, and 11.1 suffer from a command line process buffer overflow vulnerability.
5d5fdc9afef069a12acc4631e4723b9aWordPress No External Links plugin versions 3.5.17 and below suffer from a cross site scripting vulnerability.
ee7fddf32f860d0d45b3a0bffdf6d2e6WordPress Tribulant Newsletters plugin versions 4.6.4.2 and below suffer from cross site scripting and file disclosure vulnerabilities.
b670de76da3bd53baa8500a2963d55cfWordPress Simple Slideshow Manager plugin versions 2.2 and below suffer from multiple cross site scripting vulnerabilities.
6cafb010fb20043a5898706c8f032a6dWordPress AffiliateWP plugin versions 2.0.8 and below suffer from a cross site scripting vulnerability.
c6a3f59b74239220d0fd9a314f2789bb
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed