WordPress Levo-Slideshow plugin version 2.3 suffers from a remote shell upload vulnerability.
1e3a87c6e895d83107e72876740165625d6152fbd1f136ce8f74484c904d980d
Saudi Softech version 5.0.1 suffers from cross-site scripting and remote SQL injection vulnerabilities.
469f3cbc19e4d487254aa1bad46f568ee3cd14bf7be5a79d8b9e9b9cde2603a8
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. The framework comes into play when the attacker is able to redirect traffic, which can be done in several ways, such as DNS tampering, DNS cache poisoning, ARP spoofing, Wi-Fi access point impersonation, or DHCP hijacking, with your favorite tools. This way you can take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the framework is to show the amount of trivial errors in the update process of mainstream applications.
5ff5a696eabb5bfbadbfa14d649ca56aed0b45eefe4a2b3bbc6a6caef18b38e0