3 matches found
Mobile Menace Monday: FakeGift is the gift that keeps on frustrating
Last spring, we found yet another piece of riskware on Google Play we call Android/PUP.Riskware.FakeGift. Based on Hindi characters found in the code, we can assume it originates from India. With over 50,000 installs before being removed from Google Play, FakeGift apparently kept on...
WordPress NewStatPress Plugin 0.9.8 xss+sql注入
主题地址:https://wordpress.org/plugins/newstatpress/影响版本:0.9.8Active installs: 20,000+CVE: CVE-2015-4062, CVE-2015-40631)sql注入 CWE-89 CVE-2015-4062 CODE:includes/nspsearch.php:94for$i=1;$i=3;$i++ if$GET"what$i" != '' && $GET"where$i" != '' $where.=" AND ".$GET"where$i"." LIKE '%".$GET"what$i"."%'";...
WordPress Landing Pages 1.8.4 Cross Site Scripting / SQL Injection Vulnerabilities
WordPress Landing Pages plugin version 1.8.4 suffers from cross site scripting and remote SQL injection vulnerabilities. Title: Multiple vulnerabilities in WordPress plugin "WordPress Landing Pages" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage:...