File Upload Vulnerability in Acme CMS 2.0

Acme CMS is a CMS builder using PHP + Mysql architecture, multi-language, responsive display, suitable for personal website construction. Acme CMS 2.0 suffers from a file upload vulnerability, which can be exploited by attackers to gain control of the web server...

September 20, 2018—KB4457139 (Preview of Monthly Rollup)

September 20, 2018—KB4457139 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4457144 released September 11, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Address...

NETworkManager - A Powerful Tool For Managing Networks And Troubleshoot Network Problems!

A powerful tool for managing networks and troubleshoot network problems! Features Network Interface - Information, Configure IP-Scanner Port-Scanner Ping Traceroute DNS Lookup Remote Desktop PuTTY requires PuTTY TightVNC requires TightVNC SNMP - Get, Walk, Set v1, v2c, v3 Wake on LAN HTTP Headers...

[SECURITY] Fedora 29 Update: roundcubemail-1.3.8-1.fc29

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

Spam and phishing in Q3 2018

Quarterly highlights Personal data in spam We have often said that personal data is candy on a stick to fraudsters and must be kept safe that is, not given out on dubious websites. It can be used to gain access to accounts and in targeted attacks and ransomware campaigns. In Q3, we registered a...

LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting

LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Exploit Title: LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Link : http://pokkho.com/lango/auth/login Software :...

LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting

Exploit Title: LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Link : http://pokkho.com/lango/auth/login Software : LANGO - Codeigniter Multilingual Script Version : 1.0...

LANGO Codeigniter Multilingual Script Cross-Site Scripting Vulnerability

LANGO Codeigniter Multilingual Script is a multilingual support script based on Codeigniter. A cross-site scripting vulnerability exists in LANGO Codeigniter Multilingual Script version 1.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CVE-2018-18416

LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the sitename parameter to the admin/settings/update URI...

CVE-2018-18416

LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the sitename parameter to the admin/settings/update URI...

CVE-2018-18416

LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the sitename parameter to the admin/settings/update URI...

CVE-2018-18416

CVE-2018-18416 affects the LANGO Codeigniter Multilingual Script 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the input and upload sections, demonstrated via the site_name parameter to the admin/settings/update endpoint. The available connected documents confirm the existence of...

LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting

Exploit Title: LANGO - Codeigniter Multilingual Script 1.0 - HTML Injection and Stored XSS Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Link : http://pokkho.com/lango/auth/login Software : LANGO - Codeigniter Multilingual Script Version : 1.0...

LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting Vulnerability

LANGO Codeigniter Multilingual Script version 1.0 suffers from html injection and cross site scripting vulnerabilities. Exploit Title: LANGO - Codeigniter Multilingual Script 1.0 - HTML Injection and Stored XSS Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Lin...

WordPress WPML plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL servers to set up a personal blog site. WPML also known as sitepress-multilingual-cms is used in one of the multi-language support plug-ins. A cross-si...

Sitepress Multilingual 3.6.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications FULL DISCLOSURE Product : Sitepress Multilingual CMS Plugin Exploit Author : Rahul Pratap Singh Version : 3.6.3 and Below Home page Link : https://wpml.org/ Website: https://0x62626262.wordpress.com Date : 08/10/2018 Unauthenticated Stored XSS...

Sitepress Multilingual 3.6.3 Cross Site Scripting

FULL DISCLOSURE Product : Sitepress Multilingual CMS Plugin Exploit Author : Rahul Pratap Singh Version : 3.6.3 and Below Home page Link : https://wpml.org/ Website: https://0x62626262.wordpress.com Date : 08/10/2018 Unauthenticated Stored XSS Vulnerability: aaaaaaaaaaaaa- Description:...

CVE-2018-18069

processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...

CVE-2018-18069

processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...

CVE-2018-18069

The CVE-2018-18069 entry concerns the WordPress plugin sitepress-multilingual-cms (WPML) up to version 3.6.3. A Cross-Site Scripting (XSS) flaw exists in the process_forms function via any locale_file_name_ parameter (e.g., locale_file_name_en) when making an authenticated request to wp-admin/adm...