6 matches found
CVE-2025-7063
Due to a client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue affects all 3 templates: www, b...
CVE-2025-8120
CVE-2025-8120 affects PAD CMS: the upload photo function is vulnerable because of a client-controlled permission check parameter, allowing unauthenticated remote attackers to upload arbitrary files and execute remote code. It impacts all templates (www, bip, ww+bip). The product is End-Of-Life, and the ...
MotoCMS Version 3.4.3 - SQL Injection Vulnerability
Title: MotoCMS Version 3.4.3 - SQL Injection Author: tmrswrr Date: 01/06/2023 Vendor: https://www.motocms.com Link: https://www.motocms.com/website-templates/demo/189526.html Vulnerable Versions: MotoCMS 3.4.3 Description MotoCMS Version 3.4.3 SQL Injection via the keyword parameter. Steps to...
SearchDimension search hijackers: An overview of developments
Background information on SearchDimension SearchDimension is the name of a family of browser hijackers that makes money from ad clicks and search engine revenues. The family was named after the domain searchdimension.com that popped up in 2017, and they still sometimes use the letter combo SD in...
Image of the Day: SpamIt, Glavmed Models
Today’s image of the day comes from Brian Krebs’s blog, KrebsonSecurity. The image illustrates how Glavmed and other alleged players in the global spam game operate, and is part of a larger exposition of the Spamit operation that was reportedly shut down sometime last year as detailed by Krebs on...
Template Seller Pro 3.25
AlstraSoft Template Seller Pro 3.25 Software: AlstraSoft Template Seller Pro 3.25 Severity: Arbitrary code execution, SQL Injections Risk: High Author: Robin Verton Date: Nov. 15 2005 Vendor: www.alstrasoft.com Description: Ever thought of...