WordPress Simple Flash Video Plugin <= 1.7 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability via "get" method. Solution Update the plugin...

TORNADO Computer Trading CMS - SQL Injection Vulnerability

Document Title: =============== TORNADO Computer Trading CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1489 Release Date: ============= 2015-05-05 Vulnerability Laboratory ID VL-ID: ====================================...

TORNADO Computer Trading - SQL Injection Vulnerability

Document Title: =============== TORNADO Computer Trading - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1489 Release Date: ============= 2015-05-05 Vulnerability Laboratory ID VL-ID: ==================================== 148...

Instant v2.0 SQL Injection Vulnerability

A SQL Injection Vulnerability has been discovered in the Instant v.2.0 CMS. The Vulnerability is located in the subid Value of the productcat.php File. Attackers are able to execute own SQL commands by usage of a GET Method Request with manipulated subid Value. Attackers are able to read Database...

Pandora FMS 5.1 SP1 - SQL Injection Vulnerability

Pandora FMS version 5.1 SP1 suffers from a remote SQL injection vulnerability. Document Title: =============== Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability Product & Service Introduction: =============================== Pandora FMS is a monitoring Open Source software. It watches your...

Mangallam CMS - SQL Injection Web Vulnerability

Document Title: =============== Mangallam CMS - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1421 Release Date: ============= 2015-01-26 Vulnerability Laboratory ID VL-ID: ==================================== 1421 Commo...

Blitz CMS Community - SQL Injection Web Vulnerability

Document Title: =============== Blitz CMS Community - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1403 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ==================================== 1402...

WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability

WiFi File Browser Pro version 2.0.8 suffers from a code execution vulnerability. Product & Service Introduction: =============================== WiFi File Browser allows you to download and upload files to your mobile device by using your favourite web browser without the need of a USB cable. The...

WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability

Document Title: =============== WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1406 Release Date: ============= 2015-01-14 Vulnerability Laboratory ID VL-ID: ===================================...

PHPok v4.1 /framework/www/project/control.php SQL注入漏洞

/framework/www/projectcontrol.php $ext = $this-get"ext"; if$ext && isarray$ext $c = ''; foreach$ext AS $key=$value if$key && $value $c = "ext.".$key." LIKE '%".$value."%'"; $pageurl .= "ext".$key."=".rawurlencode$value."&"; if$c $dt'sqlext' = implode" AND ",$c; $this-assign'ext',$ext;...

File Manager 4.2.10 iOS - Code Execution Vulnerability

No description provided by source. Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...

File Manager v4.2.10 iOS - Code Execution Vulnerability

Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID: ==================================== 13...

File Manager v4.2.10 iOS - Code Execution Vulnerability

Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID: ==================================== 13...

File Manager 4.2.10 iOS - Code Execution

File Manager 4.2.10 iOS - Code Execution Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID...

File Manager v4.2.10 iOS - Code Execution Vulnerability

Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID: ==================================== 13...

UBUNTU-CVE-2014-5252

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...

VWD-CMS - CSRF Vulnerability

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ Title : VWD-CMS CSRF Vulnerability Affected Version : VWD-CMS version 2.1 Discovery : www.abysssec.com Vendor : http://www.vwd-cms.com/ Demo...

DreamBox DM800 Arbitrary File Download Vulnerability

No description provided by source. Exploit Title: title Date: date Author: ShellVision Version: dm800 = 1.6rc3 Tested on: dm800 Release 4.6.0 2009-12-24 DreamBox DM800 Arbitrary File Download Vulnerability Vendor: Dream Multimedia GmbH Product web page: http://www.dream-multimedia-tv.de Affected...

EasyPublish 3.0 'read' Parameter Multiple SQL Injection and Cross-Site Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/30307/info EasyPublish is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection and cross-site scripting vulnerabilities...

GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection

GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/2014...