
15 matches found

Vulnrichment
added 2023/08/17 6:43 a.m., 16 views

CVE-2023-3244 Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restoresettings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal...

CVSS: 4.3, AI score: 6.4, EPSS: 0.03735
Exploits: 4, References: 4

Wordfence Blog
added 2023/04/12 1:54 p.m., 30 views

Privilege Escalation Vulnerability Patched Promptly in WP Data Access WordPress Plugin

On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to grant themselves...

AI score: 8.6, EPSS: 0.05712
Exploits: 3

Packet Storm
added 2017/04/04 12:0 a.m., 52 views

SilverStripe CMS 3.1.9 Path Disclosure

https://www.osisecurity.com.au/silverstripe-cms---path-disclosure.html Date: 04-Apr-2017 Product: SilverStripe CMS Versions affected: 3.1.9 and below. Vulnerability: Path disclosure. Example URL: http://target/dev/build/ Path reported: /home/target/publichtml/framework/dev/DebugView.php...

AI score: 7.4
Exploits: 0

Japan Vulnerability Notes
added 2015/09/03 12:0 a.m., 47 views

JVN#24692261: hitSuji (rktSNS2) vulnerable to cross-site scripting

hitSuji rktSNS2 provided by rakuto.net is an open source SNS software. hitSuji rktSNS2 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Consider stop using hitSuji rktSNS2 0.2.2b Since the developer was unreachable,...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00248
Exploits: 0

0day.today
added 2014/10/11 12:0 a.m., 20 views

neuroML 1.8.1 XSS / LFI / XXE Injection / Disclosure Vulnerabilities

neuroML version 1.8.1 suffers from cross site scripting, local file inclusion, XXE injection, and path disclosure vulnerabilities. Product: neuroML Version: Subject: Multiple Vulnerabilities Risk: High Effect: Remotely exploitable Author: Philipp Promeuschel Date: 10.10.2014 Abstract: -----------...

AI score: 6.7
Exploits: 0

Packet Storm
added 2014/10/10 12:0 a.m., 40 views

neuroML 1.8.1 XSS / LFI / XXE Injection / Disclosure

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: neuroML Version: Subject: Multiple Vulnerabilities Risk: High Effect: Remotely exploitable Author: Philipp Promeuschel Date: 10.10.2014 Abstract: ------------- The NeuroML project focuses on the development of an X...

AI score: 7.4
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 21 views

Joomla AJAX Shoutbox <= 1.6 - Remote SQL Injection Vulnerability

No description provided by source. Joomla AJAX Shoutbox remote SQL Injection vulnerability - Author: Ibrahim Raafat - Contact: https://twitter.com/RaafatSEC - Discovery date: 1 April 2010 4 years ago - Reported to vendor : 12 March 2014 - Response: Quick response from the developer, Patched and...

AI score: 7.1
Exploits: 0

0day.today
added 2014/04/23 12:0 a.m., 35 views

No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key

Exploit for php platform in category web applications ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access...

AI score: 7.1
Exploits: 0

Packet Storm
added 2013/04/13 12:0 a.m., 64 views

Dotclear 2.4.4 Cross Site Scripting / Content Spoofing

Hello list! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf it's Swfupload. I've written about vulnerabilities in Swfupload in November 2012...

CVSS: 4.3, AI score: 6.4, EPSS: 0.06259
Exploits: 10

Packet Storm
added 2012/06/29 12:0 a.m., 25 views

Lidosys CMS SQL Injection / Information Disclosure

Hello list! I'm presenting you the vulnerabilities in LIOOSYS CMS - Polish commercial CMS. These are SQL Injection and Information Leakage vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are all versions of the system, except the last one, which...

AI score: 7.4
Exploits: 0

myhack58
added 2011/07/28 12:0 a.m., 28 views

Cloth Baidu video remote code execution vulnerability-vulnerability warning-the black bar safety net

Baidu video is a good Media Player software, which in many detail aspects of the process of humanization, however, the developers release the software, not the software used in a special library file to eliminate, resulting in the Baidu video player can take the opportunity to realize the remote...

AI score: 2.2
Exploits: 0

securityvulns
added 2005/04/21 12:0 a.m., 37 views

Multiple Security Issues Found In AZBB

GulfTech Security Research April 19th, 2005 Vendor : AZBB URL : http://azbb.cyaccess.com/ Version : AZBB 1.0.07d && Earlier Risk : Multiple Vulnerabilities Description: azbb is a forum that was written with a primary focus on security. azbb does not require a database such as MySQL, PostGres or...

AI score: 0.5
Exploits: 0

securityvulns
added 2003/12/18 12:0 a.m., 33 views

osCommerce Malformed Session ID XSS Vuln

Vendor : osCommerce URL : http://www.oscommerce.com Version : All Current Versions Risk : Cross Site Scripting Description: osCommerce is an online shop e-commerce solution under on going development by the open source community. Its feature packed out-of-the-box installation allows store owners ...

AI score: 6.1
Exploits: 0

securityvulns
added 2003/08/19 12:0 a.m., 17 views

XSS vulnerability in phpBB

Hi, I have found a dangerous vulnerability in phpBB. I've verified that versions 2.0.5 and 2.0.4 AFAIK the two latest versions are affected, but probably more versions are vulnerable. If HTML is enabled for postings, a user can post a link like this: a...

Exploits: 0

Packet Storm
added 2002/06/03 12:0 a.m., 28 views

xandros-autorun.txt

There is a new debian based distro called Xandros making its way on to the market. I believe the developers from Corel Linux are on board with Xandros. It has at least one public beta and another on the way and I know of at least one OS that uses it as its backend. I got a chance to play on a coup...

AI score: 7.4
Exploits: 0