opencart 3.0.3.8 - Sessjion Injection Vulnerability

Exploit Title: opencart 3.0.3.8 - Sessjion Injection Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Testeted on: Windows 10 using XAMPP,...

lftp file overwrite

Downloaded file name in lftpget may be set by server without user confirmation...

CVE-2009-3172

Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights...

Sql injection and global variables poisoning in XMB Forum 1.9.1

Vendor notified at and partial patch: http://forums.xmbforum.com/viewthread.php?tid=754523 firstly the input validation at xmb.php: foreach $global as $num = $array if isarray$array extract$array, EXTROVERWRITE; this should put to not overwrite any variables cause it overwrite server set variable...