(0Day) Microsoft Windows Theme File Parsing Improper Input Validation NTLM Relay Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Code execution vulnerability in Axublog ad/theme.php file

Axublog is a PHP personal blog system. A code execution vulnerability exists in the Axublog ad/theme.php file. The vulnerability is due to the program failing to filter the parameters passed, an attacker can exploit the vulnerability to construct a specially crafted file, upload a shell, and obta...

Wordpress <= 4.6.1 Triggers Stored XSS Vulnerability Using Theme Files

WordPress is a free and open source blogging software and content management system using PHP and MySQL as its platform. A backend stored XSS vulnerability can be exploited by uploading maliciously constructed theme files in Wordpress = version 4.6.1. A backend stored XSS vulnerability can be...