22 matches found
CVE-2022-1206 AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload
The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotateinsertmedia function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attacker...
CVE-2022-26366 WordPress AdRotate Banner Manager Plugin <= 5.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress...
AdRotate Banner Manager < 5.9.1 - Password Change via CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make a logged admin change their password via CSRF attacks...
CVE-2022-1694
The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form...
Useful Banner Manager <= 1.6.1 - Modify banners via CSRF
The plugin does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form. PoC...
CSZ CMS 1.2.9 Cross Site Scripting
Exploit Title: CSZ CMS 1.2.9 - Multiple Cross-Site Scripting Date: 2020/12/28 Exploit Author: SunCSR Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.2.9 Tested on: CSZ CMS 1.2.9 1. Reflected XSS Go to url...
AdRotate Banner Manager Plugin for WordPress < 5.3 SQL Injection
The WordPress AdRotate Banner Manager Plugin installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input. A remote attacker can exploit this issue to manipulate SQL queries, resulting in the disclosure of sensitive information and...
WordPress AdRotate Banner Manager plugin <= 5.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Tin Duong in WordPress AdRotate Banner Manager plugin versions <= 5.2. Solution: Update the WordPress AdRotate Banner Manager plugin to the latest available version (at least 5.3)...
AdRotate Banner Manager <= 5.2 - Authenticated SQL Injection
The vendor states: "Earlier this week I was contacted by a security research firm who has apparently been poking around in the code of AdRotate and they found an issue in AdRotate Free. Upon checking the code following their advisory I found a potential weak point in AdRotate Pro as well. Though...
osCommerce 2.3.4 - Multiple Vulnerabilities
osCommerce 2.3.4 - Multiple Vulnerabilities Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerabl...
osCommerce 2.3.4 - Multiple Vulnerabilities
Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerable parameters - customersemailaddress &...
osCommerce 2.3.4 - Multiple vulnerabilities
The latest osCommerce software suffers from multiple cross-site scripting and cross-site request forgery vulnerabilities, which may even lead to remote code execution. Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested o...
PHPNuke 5.6/6.x Banners.PHP Banner Manager Password Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker ...
osCommerce 2.3.1 (banner_manager.php) Remote File Upload Vulnerability
No description provided by source. Exploit Title: OSC 2.3.1: Remote File Upload Vulnerability : Banner Manager Google Dork: powered by oscommerce we will automatically add these to the GHDB Date: 13-05-2011 Author: Number 7 Software Link: http://www.oscommerce.com/ext/oscommerce-2.3.1.zip Version...
Zen Cart <= v1.3.9h Multiple Vulnerabilities
Exploit for php platform in category web applications. Multiple Vulnerabilities in Zen Cart Vendor SW = Zen Cart - http://www.zen-cart.com Version = 1.3.9f, 1.3.9h but possible all versions Vendor URL = www.zen-cart.com Tested on =...
osCommerce 2.3.1 Shell Upload
Exploit Title: OSC 2.3.1: Remote File Upload Vulnerability : Banner Manager Google Dork: powered by oscommerce we will automatically add these to the GHDB Date: 13-05-2011 Author: Number 7 Software Link: http://www.oscommerce.com/ext/oscommerce-2.3.1.zip Version: 2.3.1 Tested on:...
osCommerce 2.3.1 - 'banner_manager.php' Arbitrary File Upload
Exploit Title: OSC 2.3.1: Remote File Upload Vulnerability : Banner Manager Google Dork: powered by oscommerce we will automatically add these to the GHDB Date: 13-05-2011 Author: Number 7 Software Link: http://www.oscommerce.com/ext/oscommerce-2.3.1.zip Version: 2.3.1 Tested on:...
osCommerce 2.3.1 (banner_manager.php) Remote File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: OSC 2.3.1: Remote File Upload Vulnerability : Banner Manager Google Dork: powered by oscommerce we will automatically add these to the GHDB Date: 13-05-2011 Author: Number 7 Software Link:...
osCommerce 2.3.1 - banner_manager.php Arbitrary File Upload
osCommerce 2.3.1 - banner_manager.php Arbitrary File Upload Exploit Title: OSC 2.3.1: Remote File Upload Vulnerability : Banner Manager Google Dork: powered by oscommerce we will automatically add these to the GHDB Date: 13-05-2011 Author: Number 7 Software Link:...
Banner Manager <= 0.81 (Auth Bypass) SQL Injection Vulnerability
Exploit for php platform in category web applications. Banner Manager <= 0.81 Auth Bypass SQL Injection Vulnerability. @Title: Banner Manager <= 0.81 Auth Bypass SQL...