SocialEngine 4.8.9 - SQL Injection
Exploit for php platform in category web applications Product: SocialEngine Vendor: Webligo Vulnerable Versions: 4.8.9 and probably prior Tested Version: 4.8.9 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Public Disclosure: April 6, 2016...
DSA-3541-1 roundcube - security update
Bulletin has no description...
CubeCart 6.0.10 - Multiple Vulnerabilities
Exploit for php platform in category web applications Product: CubeCart Vendor: CubeCart Limited Vulnerable Versions: 6.0.10 and probably prior Tested Version: 6.0.10 Advisory Publication: March 2, 2016 without technical details Vendor Notification: March 2, 2016 Vendor Patch: March 16, 2016 Publ...
Dating Pro Genie 2015.7 Cross Site Request Forgery
Advisory ID: HTB23294 Product: Dating Pro Vendor: DatingPro Vulnerable Versions: Genie 2015.7 and probably prior Tested Version: Genie 2015.7 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 29, 2016 Public Disclosure:...
WebsiteBaker CMS 2.8.3-SP5 SQL Injection
Advisory ID: HTB23296 Product: WebsiteBaker Vendor: WebsiteBaker Org e.V. Vulnerable Versions: 2.8.3-SP5 and probably prior Tested Version: 2.8.3-SP5 Advisory Publication: February 24, 2016 without technical details Vendor Notification: February 24, 2016 Vendor Patch: February 26, 2016 Public...
WeBid 1.1.2P2 SQL Injection
Advisory ID: HTB23292 Product: WeBid Vendor: WeBid Vulnerable Versions: 1.1.2P2 and probably prior Tested Version: 1.1.2P2 Advisory Publication: January 22, 2016 without technical details Vendor Notification: January 22, 2016 Vendor Patch: February 4, 2016 Public Disclosure: February 17, 2016...
Roundcube Webmail 1.1.3 - Directory Traversal
Roundcube Webmail 1.1.3 - Directory Traversal Advisory ID: HTB23283 Product: Roundcube Vendor: Roundcube.net Vulnerable Versions: 1.1.3 and probably prior Tested Version: 1.1.3 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Vendor Patch:...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Public Disclosure: January 13, 2016 Vulnerabilit...
Roundcube 1.1.3 - Directory Traversal
Exploit for php platform in category web applications Product: Roundcube Vendor: Roundcube.net Vulnerable Versions: 1.1.3 and probably prior Tested Version: 1.1.3 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Vendor Patch: December 26, 20...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...
Remote Code Execution in Exponent
High-Tech Bridge Security Research Lab discovered a critical vulnerability in Exponent CMS, which can be exploited to inject and execute arbitrary PHP code on the vulnerable system with the privileges of the web server. The vulnerability resides within the "/install/index.php" script, when handling...
Zen Cart 1.5.4 Local File Inclusion Vulnerability
Zen Cart version 1.5.4 suffers from a local file inclusion vulnerability. Product: Zen Cart Vendor: Zen Ventures, LLC Vulnerable Versions: 1.5.4 Tested Version: 1.5.4 Advisory Publication: November 25, 2015 without technical details Vendor Notification: November 25, 2015 Vendor Patch: November 26...
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18,...
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal
Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 24, 2015 Public Disclosure:...
Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion
Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015...
bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion
Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015...
bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability
bitrix.mpbuilder Bitrix module version 1.0.10 suffers from a local file inclusion vulnerability. Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details...
bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability
bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability. Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: Novemb...
WordPress Gwolle Guestbook 1.5.3 Remote File Inclusion Vulnerability
WordPress Gwolle Guestbook plugin version 1.5.3 suffers from a remote file inclusion vulnerability. Product: Gwolle Guestbook WordPress Plugin Vendor: Marcel Pol Vulnerable Versions: 1.5.3 and probably prior Tested Version: 1.5.3 Advisory Publication: October 14, 2015 without technical details...
WordPress Calls To Action 2.4.3 Cross Site Scripting Vulnerability
WordPress Calls to Action plugin version 2.4.3 suffers from a cross site scripting vulnerability. Product: Calls to Action WordPress plugin Vendor: InboundNow Vulnerable Versions: 2.4.3 and probably prior Tested Version: 2.4.3 Advisory Publication: October 7, 2015 without technical details Vendor...