Unrestricted file upload

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a...

CVE-2015-6567

Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality...

CVE-2016-8720

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP...

CVE-2016-1178

The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML...

CVE-2016-1178

The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors...

CVE-2016-1178

The CVE-2016-1178 issue affects appleple a-blog cms up to version 2.6.0.1, where a flaw in the session management of the comment feature allows remote attackers to obtain or modify sensitive data. Related sources describe concrete impacts: an unauthenticated attacker could delete arbitrary commen...

CVE-2017-3057

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3043

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality...

CVE-2017-3043

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality...

Memory corruption

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality...

Integer overflow

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution...

bebekform.com XSS vulnerability

Vulnerable URL: https://www.bebekform.com/ara.php?searchGrup=0"'--!confirmOPENBUGBOUNTY...

CVE-2017-3057

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3043

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality...

arabiyet.com XSS vulnerability

Vulnerable URL: http://arabiyet.com/?s="'--!confirmOPENBUGBOUNTY...

Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows

A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...

phpMyAdmin 4.0.x < 4.0.10.19 / 4.4.x < 4.4.15.10 / 4.6.x < 4.6.6 Multiple Vulnerabilities (PMASA-2017-1 - PMASA-2017-7)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.19, 4.4.x prior to 4.4.15.10, or 4.6.x prior to 4.6.6. It is, therefore, affected by the following vulnerabilities : - An open redirect vulnerability exists due to a...

onlinecasting.co.za XSS vulnerability

Vulnerable URL: http://www.onlinecasting.co.za/search.asp?mode=seek=model%3C!%27/%22/%27/%22/--%3E%3C/Script%3E%3CImage%20Srcset=K%20/;%20Onerror=confirmOPENBUGBOUNTY%20//%3E=actor=dancer=singer=extrawoman=onman=on=0=0=0=0age=0age=200height=0height=240=0=20=on===t1.datecreated%20desc Details:...

sonhaber.blog XSS vulnerability

Vulnerable URL: http://www.sonhaber.blog/?s="/alert/openbugbounty/...