531 matches found
CVE-2020-10568
The sitepress-multilingual-cms WPML plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17209)
Chadha PHPKB is a knowledge base software that keeps information organized, accessible and manageable for internal teams and external clients. A reflected cross-site scripting vulnerability exists in admin/add-article.php in Chadha PHPKB Standard Multilingual Version 9. The vulnerability stems fr...
Chadha PHPKB cross-site scripting vulnerability (CNVD-2020-17214)
Chadha PHPKB is a knowledge base software that keeps information organized, accessible and manageable for internal teams and external clients. A reflected cross-site scripting vulnerability exists in admin/add-group.php in Chadha PHPKB Standard Multilingual Version 9. The vulnerability stems from...
CVE-2020-10434
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload...
SQL Injection Vulnerability in de***.html Page of Worry-Free Chinese/English Enterprise Website Management System
Worry-free Chinese and English enterprise website management system is developed with PHP+MYSQL technology and MVC mode, with clear structure and easy to maintain code. A SQL injection vulnerability exists in the de.html page of the Worry-Free Chinese/English Enterprise Website Management System,...
Command Execution Vulnerability in BEESCMS Website Builder System
BEESCMS Enterprise Website Management System is a PHP+MYSQL multilingual system. A command execution vulnerability exists in BEESCMS website builder system, which can be exploited by an attacker to obtain a website webshell...
CVE-2012-0828
Removed by vendor...
SemCms foreign trade website PHP multilingual version v1.0.4 has file upload vulnerability
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox, Google, 360 and other mainstream browsers. SemCms foreign trade website PHP multilingual version v1.0.4 has a file upload vulnerability. The...
WordPress sitepress-multilingual-cms (WPML) plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sitepress-multilingual-cms WPML plugin is a website multilingual support plugin used in it. A cross-site scripting vulnerability exist...
The Phishing Industry
As I mentioned in my previous blog post, phishing attacks are now being created and executed on an industrial scale. Malicious actors are increasingly using highly sophisticated off-the-shelf phishing kits that allow them to deliver very targeted, short-lived attacks. These campaigns direct victi...
Code Execution Vulnerability in SongCMS Backend
SongCMS is a free, open source, enterprise-oriented CMS with multi-language support, based on PHP MySQL and ASP Access/SQL Server, that helps business users quickly build and deploy enterprise-level portals. SongCMS has a backend code execution vulnerability; attackers use the vulnerability to...
Babel Input Validation Error Vulnerability
Babel is a multilingual support module for use in content management systems. An input validation error vulnerability exists in Babel. The vulnerability arises from a network system or product that does not properly validate input data...
CVE-2019-1010290
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any...
Open redirect
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any...
CVE-2019-1010290
Babel Open Redirect (CVE-2019-1010290) affects the redirect.php component via the newurl parameter. The vulnerability allows redirection to an attacker-supplied URL, enabling an attacker-controlled redirect when a user follows a crafted link. The attack vector requires user interaction (visiting ...
File Inclusion Vulnerability in Acme CMS
Acme CMS is a full-featured, multi-language CMS building system with a PHP + MySQL architecture and responsive display, suitable for building personal websites. Acme CMS has a file inclusion vulnerability that can be exploited by an attacker to include any file on the server...
Unauthorized Access Vulnerability in Acme CMS
Acme CMS is a full-featured, multi-language CMS building system with a PHP + MySQL architecture and responsive display, suitable for building personal websites. Acme CMS has an unauthorized access vulnerability that can be exploited by attackers to conduct unauthorized operations...
[SECURITY] Fedora 29 Update: filezilla-3.41.2-1.fc29
FileZilla is an FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP) - Cross-platform - Available in many languages - Supports resume and transfer of large files 4GB - Easy to use Site Manager and transfer queue - Dr...