Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting

The plugin does not escape the 1 sdmactivetab GET parameter and 2 sdmstatsstartdate/sdmstatsenddate POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC 1: This requires Firefox due to onclick+accesskey trick on hidden input. There is...

Adobe AIR for Mac Installed

Adobe AIR for Mac is installed on the remote host. It is a browser- independent runtime environment that supports HTML, JavaScript, and Flash code and provides for Rich Internet Applications RIAs. TRUSTED...