Saurus CMS version 4.7.1 suffers from cross site scripting, remote file inclusion, local file inclusion, information disclosure, remote SQL injection, HTTP response splitting, cross site request forgery, and directory traversal vulnerabilities.
c5bc8a3e9c7c1dcc21b2e1c2db019482Spider Event Calendar version 1.3.0 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
1eaa7cb9bcc95f42fb737185ee768e3dSpider Catalog version 1.4.6 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
ef43d2cf678bd3af7340cf9881abded6This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.
0f98ac49e2a0e97b78d728dd67072274phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities.
a19f7b563bcfd27ec869d2b00fdd590bphpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability.
03335a29baae9491a33ee4b265c32336mRemote version 1.50 suffers from an update spoofing vulnerability.
5f0a05105f4eac25a94fcdac8802592fRoyal TS version 2.1.5 suffers from an update spoofing vulnerability.
716632b0b203b43be35e845638c4c9b1LibreOffice version 4.0.1.2 suffers from an update spoofing vulnerability due to not using a secure channel nor digital signatures.
645d9184c722c4ebf8a8cd85e7f54810OpenCart version 1.5.5.1 suffers from a directory traversal vulnerability.
913e42fd7df4415a289dd82aa2d74ecePHP-Fusion version 7.02.05 suffers from insecure backup handling, cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
eadd12888d7ffd1ee998cbf595a1c10bZenphoto version 1.4.3.3 suffers from multiple vulnerabilities including an administrative interface exposure, cross site scripting, file restriction bypass, path disclosure, and remote SQL injection vulnerabilities.
2f60ce75dd49b8aaa8b4ae9542b059d5WordPress FoxyPress plugin version 0.4.2.5 suffers from cross site request forgery, cross site scripting, path disclosure, remote shell upload, open redirect, and remote SQL injection vulnerabilities.
e44f54fc880cd61618e25f10fa7a4eb6WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.
1798752200454dd6f75de4aecc6a5bd0WordPress Social Discussions plugin version 6.1.1 suffers from local file inclusion, path disclosure, and remote file inclusion vulnerabilities.
b890a9a3e2212a99dfe4390948d22fb1WordPress Slideshow plugin versions 2.1.12 and below suffer from cross site scripting and path disclosure vulnerabilities.
798c584e637f9368f7d174b90f1c2fb4phpMyBitTorrent version 2.04 suffers from insecure cache handling, remote file disclosure, local file inclusion, and remote SQL injection vulnerabilities.
e645edbaa7854fb3332c60b8de127efaThomson SpeedTouch ST780, by design, has mixed content in the DOM during an SSL encapsulated session.
fb05f515c38819c36c89573aa5785d84TorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.
80f944bda396bc57c5a55368cbeda7aaJoomla version 2.5.4 suffers from a cross site scripting vulnerability in the administrative sysinfo page.
17a3b6890babbd1c67d14005a7cd4e11Joomla version 1.5.26 suffers from a cross site scripting vulnerability in the ja_purity template.
27da82ecd8ff206a83c29d3f06faeb11Invision Power Board version 3.3.0 suffers from a local file inclusion vulnerability.
ecfaab8d4fd92acdcb7480a6b094094fUploadify Integration version 0.9.6 suffers from multiple reflective cross site scripting vulnerabilities.
9d269013c32f852cb91e889e51185a9cOpenCart version 1.5.2.1 suffers from arbitrary file upload, HTTP response splitting, local file inclusion, path disclosure, and failed randomness vulnerabilities.
647b793cca6ece470eaafd5c3a73746cUploadify version 2.1.4 suffers from cross site scripting, arbitrary file upload, and file existence disclosure vulnerabilities.
52753f2c1a8feb0b100c32e1f44b5044
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed