45 matches found
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
Title: Composr CMS 10.0.30 - Persistent Cross-Site Scripting Author: Manuel Garcia Cardenas Date: 2020-02-06 Vendor: https://compo.sr/ CVE: N/A ============================================= MGC ALERT 2020-001 - Original release date: February 06, 2020 - Last revised: May 21, 2020 - Discovered by:...
Composr CMS 10.0.30 Cross Site Scripting
Title: Composr CMS 10.0.30 - Persistent Cross-Site Scripting Author: Manuel Garcia Cardenas Date: 2020-02-06 Vendor: https://compo.sr/ CVE: N/A ============================================= MGC ALERT 2020-001 - Original release date: February 06, 2020 - Last revised: May 21, 2020 - Discovered by:...
Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's...
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922...
phpMyAdmin 4.9.0.1 Cross Site Request Forgery
============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922 ============================================= I...
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery ============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922...
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922 ============================================= I...
CMS Made Simple 2.2.10 Cross Site Scripting
============================================= MGC ALERT 2019-002 - Original release date: April 10, 2019 - Last revised: May 22, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2019-11226 ============================================= I. VULNERABILITY...
WordPress Localize My Post plugin 1.0 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion LFI vulnerability found by Manuel Garcia Cardenas in WordPress Localize My Post plugin version 1.0. Solution This plugin was closed on 2018 September 21th and is no longer available for download. Deactivate and delete the plugin as soon as possible...
WordPress Pie Register plugin <= 3.0.9 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection SQLi vulnerability found by Manuel Garcia Cardenas WordPress Pie Register plugin versions = 3.0.9. Solution Update the WordPress Pie Register plugin to the latest available version at least 3.0.10...
Kodi 17.6 - Persistent Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications ============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831...
Kodi 17.6 - Persistent Cross-Site Scripting
============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831 ============================================= I. VULNERABILITY...
Kodi 17.6 Cross Site Scripting
============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831 ============================================= I. VULNERABILITY...
TextPattern 4.6.2 - qty SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...
Sync Breeze 10.2.12 Denial Of Service
============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088 ============================================= I...
WordPress Responsive Image Gallery 1.1.8 SQL Injection
============================================= MGC ALERT 2017-006 - Original release date: September 01, 2017 - Last revised: September 25, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2017-14125 ============================================= I...
Backdrop CMS 1.7.1 Cross Site Scripting Vulnerability
Backdrop CMS versions 1.7.1 and below suffer from a persistent cross site scripting vulnerability. I. VULNERABILITY ------------------------- Backdrop CMS Content types - Add content type And post: POST /backdrop/admin/structure/types/add HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Windows N...
Backdrop CMS 1.7.1 Cross Site Scripting
============================================= MGC ALERT 2017-005 - Original release date: July 11, 2017 - Last revised: August 18, 2017 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I. VULNERABILITY -----------------------...
Theo CMS 2.0 SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2017-004 - Original release date: July 11, 2017 - Last revised: August 12, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score...
WordPress Kama Click Counter 3.4.9 SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2017-002 - Original release date: February 21, 2017 - Last revised: February 28, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score...