MODX Revolution CMS <= 2.6.3 Stored XSS Vulnerability
MODX CMS is prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Command Injection
Overview: Versions of whereis before 0.4.1 are vulnerable to command injection if untrusted user input is passed into whereis. Recommendation: Update to version 0.4.1 or later. References: - HackerOne Report - GitHub Commit 0f64e37 - GitHub Advisory...
Path Traversal
Overview: Versions of public before 0.1.3 are vulnerable to path traversal. This is due to a lack of file path sanitization, which could allow a malicious user to read any file on the server that the parent process has access to. Recommendation: Update to version 0.1.3 or later. References: - Github...
WordPress WP-Contact-Widgets 1.4.1 Cross Site Scripting Vulnerability
WordPress WP-Contact-Widgets plugin version 1.4.1 suffers from a stored cross site scripting vulnerability. Exploit Title: Stored XSS on wp-contact-widgets 1.4.1 wordpress plugin Exploit Author: Boumediene KADDOUR Publisher: R&D Unit Algerie Telecom Version: 1.4.1 Application website:...
CVE-2017-15215
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can, for example, take over the admin session, change global settings, or add/delete links. It is also...
SRC-2016-0010 : ATutor LMS question_import Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
TestLink 1.9.14 - Cross-Site Request Forgery
TestLink 1.9.14 - Cross-Site Request Forgery. Information: Name: CSRF Vulnerability in TestLink 1.9.14 Affected Software: TestLink Affected Versions: 1.9.14 and possibly below Vendor Homepage: http://testlink.org/ Severity: High Status: Fixed Vulnerability Type:...
RedaxScript 2.1.0 - Privilege Escalation Vulnerability
Exploit for php platform in category web applications Exploit Title: Privilege Escalation in RedaxScript 2.1.0 Date: 11-05-2014 Exploit Author: shyamkumar somana Vendor Homepage: http://redaxscript.com/ Version: 2.1.0 Tested on: Windows 8 Privilege Escalation in RedaxScript 2.1.0 RedaxScript 2.1....
PHP 5.6 found to have a heap overflow vulnerability - vulnerability warning - the black bar safety net
This vulnerability was probably not discovered by Stefan Esser himself; more likely he saw the GitHub commit and followed that trail to find it, which shows that paying attention to updates is indeed a good habit. Body: The vulnerability exists in the DNS TXT record parsing function...
WordPress WooCommerce 2.0.17 Cross Site Scripting
WordPress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability Vendor: WooThemes Product web page: http://www.woothemes.com Affected version: 2.0.17 and 2.0.14 Summary: WooCommerce is an open source e-commerce plugin for WordPress. Desc: The plugin suffers from an XSS issue due to a...
Fork CMS Cross Site Scripting and Local File Include Vulnerabilities
Fork CMS is prone to multiple cross-site scripting vulnerabilities and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication...