WeBid version 1.1.1 suffers from cross site scripting and LDAP injection vulnerabilities.
8d105c182ef624aebd5f05c368cb97564d70f4933625cfef2c42cd9f068f3d2e
Chrome suffers from a use-after-free vulnerability in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList.
8e21afeab54923d3de27189a323803a9161f7809d6877e69a623691087435de9
HashiCorp Vault's AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON encoded response from the STS server, which can contain a fully-attacker controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores non-xml content before and after the malicious response, this can be used to spoof arbitrary AWS identities and roles.
b13c4db73c9c1c434d36ca980312a9413268770cfb76417ed250b35bd357b407
WeBid version 1.2.2 suffers from multiple cross site scripting vulnerabilities.
664795ab23255cbc8b85734dbf2e570c5d2010fe63665bf3278f21d340f67273
WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.
4c445d18ff897468b32229c61b93169d17ee6ba88ec405da9f786b7a7906b6fd
WeBid version 1.1.1 suffers from an unrestricted file upload vulnerability.
0a29501b52601df8e1a2c36d36023a6d23b42554cdc2393e27eeb09b58827dcd
Webid version 1.0.6 suffers from local file disclosure and remote SQL injection vulnerabilities.
18d44295209f490ad81cc1f5e3e8e12c5e0835f2ffdca7b29f8ebc0733e53a86
Secunia Security Advisory - Two vulnerabilities have been discovered in WeBid, which can be exploited by malicious people to conduct SQL injection attacks.
43296ad207b7ef0d621b85a129de735634e6cd12979f3f8315e218b3f41ec772
WeBid version 1.0.6 suffers from a remote SQL injection vulnerability.
ef41b2d6bc97d34ca048f725d9b129c4675df101d0c695328fc8a1ead4856ed3
WeBid versions 1.0.5 and below suffer from a directory traversal vulnerability.
691fd6a645c981162b89806c3a38adbbac74928e9a8c6bdd1391a139433a93d9
Ingress Security researchers have found cross site request forgery and cross site scripting vulnerabilities in WeBid versions 1.0.5 and below.
c1f896eea7c21f9264c91d05c357a72a7e8503da4782a9a2857721670657f5c7
WeBid versions 1.0.4 and below suffer from local file disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
cadf34d43c06b4a8884f133bd4533936acc454d86939dd74decdbe83787a788e
This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
80a84c00e66900b12e9cef081970706d89671fdd6de08048a29a545f296cfe05
Secunia Security Advisory - Multiple vulnerabilities have been discovered in WeBid, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information, conduct SQL injection attacks, and compromise a vulnerable system.
a7760aab0c05c80eeea41a1960ec6dff58743848c8f33ab36fecd3b936fbaffc
WeBid versions 1.0.2 and below remote code execution exploit that leverages converter.php.
f2f3420a8b2872219d2626e048e0a240b6198bc3fedd919a8642e94486d2ee2f
WeBid version 1.0.2 suffers from multiple cross site request forgery vulnerabilities.
05b7ea39d283319d934b014dec9d61011e8ed16e7a7ca7a370459f06d5a073bc
WeBid version 1.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
0bce39b5bffc7a4bc13046662ad8b39b8fab588076ace249f26f92528f70f715
Secunia Security Advisory - A vulnerability has been discovered in WeBid, which can be exploited by malicious people to conduct SQL injection attacks.
bdd2f56cb9aeb8e68e6746df120691212d1a55c0a437b2e3bf2d6e388f15a2bb
Secunia Security Advisory - Two vulnerabilities have been discovered in WeBid, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
8adb4ae12970a53edc651d12ba440c304cbfda53a587685f17c0a11bde11ee55
WeBid version 0.8.5P1 suffers from a local file inclusion vulnerability.
5bc0d49ec850e74c752eee1d6ab9e07d79d914d2a7decdf09e963cddad3f65c3
WeBid version 0.8.5P1 suffers from a cross site scripting vulnerability.
f0ff17211f2f42b8ea38d8389d38335766bf84651af3a0a89477ffa0754f600f
Web-Ideas Web Shop Standard suffers from a remote SQL injection vulnerability.
a7651507829dd54dda9a367e89e65463d9f40142716e22b30a0fb2b5bb26f1ea
WeBid version 0.7.3 RC9 suffers from a remote file upload vulnerability in upldgallery.php.
724b8054ac1686214a3888b7b44ef75017f91526d2630701cadc8a98b66e99b0
WeBid versions 0.7.3 RC9 and below suffer from multiple remote file inclusion vulnerabilities.
cc032baa87192c68451ce6313b9f796925f6d37b4d41bef2dba0784a80ffcb8a
WeBid version 0.5.4 remote arbitrary file upload exploit.
871646d66ad7bd0893c2099a7e857ba2ded8afbe1b3dc78416c7516cf93d6ff5
WeBid version 0.5.4 suffers from a SQL injection vulnerability in item.php.
6165be8e00c16246af24b0f104501ff69a686d5548c025090f99e91f3830ac51