WeBid version 1.1.1 suffers from cross site scripting and LDAP injection vulnerabilities.
8d105c182ef624aebd5f05c368cb97564d70f4933625cfef2c42cd9f068f3d2eChrome suffers from a use-after-free vulnerability in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList.
8e21afeab54923d3de27189a323803a9161f7809d6877e69a623691087435de9HashiCorp Vault's AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON encoded response from the STS server, which can contain a fully-attacker controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores non-xml content before and after the malicious response, this can be used to spoof arbitrary AWS identities and roles.
b13c4db73c9c1c434d36ca980312a9413268770cfb76417ed250b35bd357b407WeBid version 1.2.2 suffers from multiple cross site scripting vulnerabilities.
664795ab23255cbc8b85734dbf2e570c5d2010fe63665bf3278f21d340f67273WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.
4c445d18ff897468b32229c61b93169d17ee6ba88ec405da9f786b7a7906b6fdWeBid version 1.1.1 suffers from an unrestricted file upload vulnerability.
0a29501b52601df8e1a2c36d36023a6d23b42554cdc2393e27eeb09b58827dcdWebid version 1.0.6 suffers from local file disclosure and remote SQL injection vulnerabilities.
18d44295209f490ad81cc1f5e3e8e12c5e0835f2ffdca7b29f8ebc0733e53a86Secunia Security Advisory - Two vulnerabilities have been discovered in WeBid, which can be exploited by malicious people to conduct SQL injection attacks.
43296ad207b7ef0d621b85a129de735634e6cd12979f3f8315e218b3f41ec772WeBid version 1.0.6 suffers from a remote SQL injection vulnerability.
ef41b2d6bc97d34ca048f725d9b129c4675df101d0c695328fc8a1ead4856ed3WeBid versions 1.0.5 and below suffer from a directory traversal vulnerability.
691fd6a645c981162b89806c3a38adbbac74928e9a8c6bdd1391a139433a93d9Ingress Security researchers have found cross site request forgery and cross site scripting vulnerabilities in WeBid versions 1.0.5 and below.
c1f896eea7c21f9264c91d05c357a72a7e8503da4782a9a2857721670657f5c7WeBid versions 1.0.4 and below suffer from local file disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
cadf34d43c06b4a8884f133bd4533936acc454d86939dd74decdbe83787a788eThis Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
80a84c00e66900b12e9cef081970706d89671fdd6de08048a29a545f296cfe05Secunia Security Advisory - Multiple vulnerabilities have been discovered in WeBid, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information, conduct SQL injection attacks, and compromise a vulnerable system.
a7760aab0c05c80eeea41a1960ec6dff58743848c8f33ab36fecd3b936fbaffcWeBid versions 1.0.2 and below remote code execution exploit that leverages converter.php.
f2f3420a8b2872219d2626e048e0a240b6198bc3fedd919a8642e94486d2ee2fWeBid version 1.0.2 suffers from multiple cross site request forgery vulnerabilities.
05b7ea39d283319d934b014dec9d61011e8ed16e7a7ca7a370459f06d5a073bcWeBid version 1.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
0bce39b5bffc7a4bc13046662ad8b39b8fab588076ace249f26f92528f70f715Secunia Security Advisory - A vulnerability has been discovered in WeBid, which can be exploited by malicious people to conduct SQL injection attacks.
bdd2f56cb9aeb8e68e6746df120691212d1a55c0a437b2e3bf2d6e388f15a2bbSecunia Security Advisory - Two vulnerabilities have been discovered in WeBid, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
8adb4ae12970a53edc651d12ba440c304cbfda53a587685f17c0a11bde11ee55WeBid version 0.8.5P1 suffers from a local file inclusion vulnerability.
5bc0d49ec850e74c752eee1d6ab9e07d79d914d2a7decdf09e963cddad3f65c3WeBid version 0.8.5P1 suffers from a cross site scripting vulnerability.
f0ff17211f2f42b8ea38d8389d38335766bf84651af3a0a89477ffa0754f600fWeb-Ideas Web Shop Standard suffers from a remote SQL injection vulnerability.
a7651507829dd54dda9a367e89e65463d9f40142716e22b30a0fb2b5bb26f1eaWeBid version 0.7.3 RC9 suffers from a remote file upload vulnerability in upldgallery.php.
724b8054ac1686214a3888b7b44ef75017f91526d2630701cadc8a98b66e99b0WeBid versions 0.7.3 RC9 and below suffer from multiple remote file inclusion vulnerabilities.
cc032baa87192c68451ce6313b9f796925f6d37b4d41bef2dba0784a80ffcb8aWeBid version 0.5.4 remote arbitrary file upload exploit.
871646d66ad7bd0893c2099a7e857ba2ded8afbe1b3dc78416c7516cf93d6ff5WeBid version 0.5.4 suffers from a SQL injection vulnerability in item.php.
6165be8e00c16246af24b0f104501ff69a686d5548c025090f99e91f3830ac51
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed