5 matches found
CVE-2025-9129
The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
PT-2025-16078 · Unknown · Odude Flexi – Guest Submit
Name of the Vulnerable Software and Affected Versions: odude Flexi – Guest Submit versions 4.28 and earlier. Description: The issue is related to an improper control of filename for include/require statement in a PHP program, also known as PHP Remote File Inclusion, which allows PHP Local File...
Ambit Technologies iTech B2B Script SQL Injection Vulnerability
Ambit Technologies iTech B2B Script is a B2B e-commerce system script from Ambit Technologies, India. Ambit Technologies iTech B2B Script version 4.28 suffers from a SQL injection vulnerability that stems from the presence of an insecure file, subpage.php, which can be exploited by an attacker to...
Dr.Web 4.x Virus Scanner Folder Name Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7022/info A buffer overflow vulnerability has been reported for Dr. Web virus scanner. The vulnerability is due to insufficient bounds checking when processing folder names. An attacker is able to exploit this vulnerabili...
Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/7022/info A buffer overflow vulnerability has been reported for Dr. Web virus scanner. The vulnerability is due to insufficient bounds checking when processing folder names. An attacker is able to exploit this vulnerability by creating a malicious folder...