WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion

The plugin does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. As a...

OpenDB 1.0.6 user_profile.php redirect_url Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/30989/info Open Media Collectors Database OpenDb is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...

HTB22813: XSS vulnerability in UMI.CMS

Vulnerability ID: HTB22813 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinumicms1.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: Stored XSS Cross Site Scripting Risk level: Medium...

Sugar CRM 5.5.0.RC2 and 5.2.0j Multiple Remote Vulnerabilities

No description provided by source. Author: Janek Vind 'waraxe' Vulnerable: SugarCRM SugarCRM 5.5.0.RC2 SugarCRM SugarCRM 5.2.0j Product: http://www.sugarcrm.com/crm/ Description: SugarCRM is prone to multiple remote vulnerabilities, including: 1. Multiple SQL-injection vulnerabilities 2. Multiple...

AS-GasTracker 1.0.0 - Insecure Cookie Handling

--==+================================================================================+==-- --==+ AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 14 MA...