Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities
Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description Resin Application and Web Server suffers from an XSS issue due to a...
SAS Integration Technologies Client 9.31_M1 (SASspk.dll) Stack-based Overflow
Summary SAS Integration Technologies provides you with software that enables you to build a secure client/server infrastructure on which to implement SAS distributed processing solutions. With SAS Integration Technologies, you can integrate SAS with other applications in your enterprise; provide...
Wordpress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability
Summary Newsletter is the perfect WordPress plugin for creating real newsletters and mail marketing system on your WordPress blog. Description The plugin suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the 'alert' GET parameter in the 'page.php' script...
Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability
Summary Securimage-WP adds powerful CAPTCHA protection to comment forms on posts and pages to help prevent comment spam from getting onto your site. Description Securimage-WP suffers from an XSS issue in 'siwptest.php' that uses the 'PHP_SELF' variable. The vulnerability is present because there...
Securimage 3.5 URI-based Cross-Site Scripting Vulnerability
Summary Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. Description Securimage suffers from an XSS issue in 'exampleform.php' that uses the 'REQUEST_URI' variable. The vulnerability is present because there...
CMSLogik 1.2.1 (upload_file_ajax()) Shell Upload Exploit
Summary CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. Description The...
CMSLogik 1.2.1 (user param) User Enumeration Weakness
Summary CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. Description The...
CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities
Summary CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. Description CMSLogik...
TP-Link TL-WR740N Wireless Router Remote Denial Of Service Exploit
Summary The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch. The wireless N Router is 802.11b&g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps at an even more affordable price...
Qool CMS v2.0 RC2 Multiple HTML And JavaScript Injection Vulnerabilities
Summary Qool CMS is a content management system that helps web masters be more productive. Qool has been built with both web masters and web developers in mind. It is easy to create addon extensions for the system, but you can really do without them too. Description Qool CMS suffers from multip...
Qool CMS v2.0 RC2 XSRF Add Root Exploit
Summary Qool CMS is a content management system that helps web masters be more productive. Qool has been built with both web masters and web developers in mind. It is easy to create addon extensions for the system, but you can really do without them too. Description Qool CMS allows users to...
MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities
Summary MTP Guestbook allows you to put a guestbook on your website. Your visitors can sign it and leave a message. The entries can be edited and deleted in the admin area. Description MTP Guestbook script suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered...
MTP Image Gallery 1.0 (title) Remote Script Insertion Vulnerability
Summary MTP Image Gallery offers more control, better uploading and enhanced performance. With MTP Image Gallery you can easily create and maintain albums of photos via an intuitive, web interface. Description MTP Image Gallery suffers from a stored XSS vulnerability when parsing user input to th...
MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities
Summary More than poll is a polling system with a powerful administration tool. It features: multiple polls, templates, unlimited options, IP Logging, cookie support, and more. Description MTP Poll script suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered...
OpenEMR 4.1.1 (site param) Remote XSS Vulnerability
Summary OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Description OpenEMR suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the 'site'...
Squirrelcart v3.5.4 (table) Remote Cross-Site Scripting Vulnerability
Summary Squirrelcart PHP Shopping Cart software is a fully customizable, robust PHP shopping cart, designed with the advanced developer and web novice in mind. Description Squirrelcart suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the 'table' GET parameter ...
Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability
Summary Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures. Description Input passed to the 'dl' parameter in 'install.php' script is not properly sanitised before being used to get the contents of a resource or delet...
AbanteCart 1.1.3 (index.php) Multiple Reflected XSS Vulnerabilities
Summary AbanteCart is a free PHP based eCommerce solution that gives merchants the ability to create an online business and sell products online quickly and efficiently. Description AbanteCart suffers from multiple reflected cross-site scripting vulnerabilities. The issues are triggered when input passed...
OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability
Summary OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Description The vulnerability is caused due to the improper verification of uploaded files in...
Aloaha Credential Provider Monitor 5.0.226 Local Privilege Escalation Vulnerability
Summary Aloaha Credential Provider represents one of the most dramatic changes in the Windows Vista / 7 logon screen, making it much easier to implement new user authentication scenarios that are supported by the OS. Logging on to a Windows machine via smartcard usually requires the...
phlyLabs phlyMail Lite 4.03.04 (go param) Open Redirect Vulnerability
Summary phlyMail offers you an interface in the browser to have access to your emails, contacts, appointments, tasks, files and bookmarks from anywhere where you have internet access. This can be your home, workplace, train station, abroad, offroad, in the woods or your own backyard. Description...
phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities
Summary phlyMail offers you an interface in the browser to have access to your emails, contacts, appointments, tasks, files and bookmarks from anywhere where you have internet access. This can be your home, workplace, train station, abroad, offroad, in the woods or your own backyard. Description...
Joomla Incapsula Component <= 1.4.6_b Reflected Cross-Site Scripting Vulnerability
Summary Once you install the Incapsula for Joomla component, simply make the provided DNS changes and within minutes your website traffic will be seamlessly routed through Incapsula's globally distributed network of POPs. Description The Joomla Incapsula component suffers from an XSS issue due to a...
Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overload SEH
Summary PC Companion is a computer application that acts as a portal to Sony Xperia and operator features and applications, such as phone software updates, management of contacts and calendar, media management with Media Go, and a backup and restore feature for your phone content. Description The...
Sony PC Companion 2.1 (Load()) Stack-based Unicode Buffer Overload SEH
Summary PC Companion is a computer application that acts as a portal to Sony Xperia and operator features and applications, such as phone software updates, management of contacts and calendar, media management with Media Go, and a backup and restore feature for your phone content. Description The...
Sony PC Companion 2.1 (CheckCompatibility()) Stack-based Unicode Buffer Overload
Summary PC Companion is a computer application that acts as a portal to Sony Xperia and operator features and applications, such as phone software updates, management of contacts and calendar, media management with Media Go, and a backup and restore feature for your phone content. Description The...
Sony PC Companion 2.1 (Admin_RemoveDirectory()) Stack-based Unicode Buffer Overload
Summary PC Companion is a computer application that acts as a portal to Sony Xperia and operator features and applications, such as phone software updates, management of contacts and calendar, media management with Media Go, and a backup and restore feature for your phone content. Description The...
NVIDIA Install Application 2.1002.85.551 (NVI2.dll) Unicode Buffer Overflow PoC
Summary NVIDIA install core application for Windows. Description The vulnerability is caused due to a boundary error in NVI2.DLL when handling the value assigned to the 'pDirectory' string variable in the 'AddPackages' function and can be exploited to cause a unicode buffer overflow by inserting ...
Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities
Summary Powerful open source ecommerce platform. Description Axis Commerce suffers from multiple stored XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and...
Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
Summary Oracle OpenSSO is a complete solution that provides Web access management, federated single sign-on and Web services security in a single, self-contained application. Description Oracle OpenSSO suffers from multiple cross-site scripting vulnerabilities when input passed via several...
PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability
Summary PRADO is a component-based and event-driven programming framework for developing Web applications in PHP 5. PRADO stands for PHP Rapid Application Development Object-oriented. Description Input passed to the 'sr' parameter in 'functionaltests.php' is not properly sanitised before being us...
NASA Tri-Agency Climate Education (TrACE) v1.0 SQL Injection Vulnerability
Summary The Tri-Agency Climate Education TrACE Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaborati...
NASA Tri-Agency Climate Education (TrACE) v1.0 Multiple XSS Vulnerabilities
Summary The Tri-Agency Climate Education TrACE Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaborati...
Oracle Identity Management 10g (username) XSS POST Injection Vulnerability
Summary Oracle Identity Management enables organizations to effectively manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall and into the cloud. The Oracle Identity Management platform delivers scalable solutions for identity...
ViArt Shop Enterprise 4.1 (post-auth) Multiple Stored XSS Vulnerabilities
Summary Viart Shop is a PHP based e-commerce suite, aiming to provide everything you need to run a successful on-line business. Description ViArt Shop suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several...
ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability
Summary Viart Shop is a PHP based e-commerce suite, aiming to provide everything you need to run a successful on-line business. Description Input passed to the 'DATA' POST parameter in 'sipsresponse.php' is not properly sanitised before being used to process product payment data. This can be...
Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities
Summary The Spiceworks IT Desktop delivers nearly everything you need to simplify your IT job. Available in a variety of languages, Spiceworks' single, easy-to-use interface combines Network Inventory, Help Desk, Mapping, Reporting, Monitoring and Troubleshooting. And, it connects you with other ...
Subrion CMS 2.2.1 Multiple Remote XSS POST Injection Vulnerabilities
Summary Subrion is a free open source content management system. It's written in PHP 5 and utilizes a MySQL database. Subrion CMS can be easily integrated into your current website or used as a stand-alone platform. It's an extremely flexible and scalable PHP system that stands for a content managemen...
Subrion CMS 2.2.1 CSRF Add Admin Exploit
Summary Subrion is a free open source content management system. It's written in PHP 5 and utilizes a MySQL database. Subrion CMS can be easily integrated into your current website or used as a stand-alone platform. It's an extremely flexible and scalable PHP system that stands for a content managemen...
Cannonbolt Portfolio Manager v1.0 Stored XSS and SQL Injection Vulnerabilities
Summary Cannonbolt Portfolio Manager is a sleek and AJAX based PHP script to manage projects and showcase. Description The application suffers from a stored cross-site scripting and a SQL Injection vulnerability when input is passed to the 'cname' POST parameter in 'add-category.php' and 'cdel' G...
Express Burn Plus v4.58 EBP Project File Handling Buffer Overflow PoC
Summary Express Burn is a program that allows you to create and copy many kinds of disc media, including audio CDs / .mp3 CDs, Video DVDs, and Data CDs / DVDs / Blu-ray. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploit...
web@all CMS 2.0 Multiple Remote XSS Vulnerabilities
Summary web@all is a PHP content management system (CMS). If you know about it, you can use it to do nearly anything. Description web@all CMS suffers from multiple stored and reflected cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several...
SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability
Summary SiNG cms is a free, modular, open source Content Management System based on PHP / MySQL and intended for use with the Apache web server. Description The application is prone to a reflected cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to...
Monstra 1.2.1 Multiple HTML Injection Vulnerabilities
Summary Monstra is a fast and small content management system written in PHP! It's free, open source and easy to use from the start! Description Monstra suffers from multiple stored XSS vulnerabilities when parsing user input to the 'menuitemlink', 'menuitemname' and 'pagetitle' parameters via POST...
xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability
Summary One shop system, many shop solutions. The shop software xt:Commerce 4 is the basic framework for online shops and for merchants who install and configure their own shop. Description xt:Commerce suffers from a stored XSS vulnerability when parsing user input to the 'products_name_de' paramet...
web@all CMS 2.0 (_order) SQL Injection Vulnerability
Summary web@all is a PHP content management system (CMS). If you know about it, you can use it to do nearly anything. Description The application suffers from an SQL Injection vulnerability. Input passed via the GET parameter '_order' is not properly sanitised before being returned to the user or use...
KindEditor 4.1.2 (name parameter) Reflected XSS Vulnerability
Summary KindEditor is an open source online HTML editor that gives site users WYSIWYG editing; developers can replace the traditional multi-line textarea input box with KindEditor's rich visual text input box. Description KindEditor is prone to a reflected...
Zoho BugTracker Multiple Stored XSS Vulnerabilities
Summary Zoho Bug Tracker is an online bug tracking software that combines a clean and intuitive interface for submitting and tracking bugs with custom workflows, business rules, custom fields and filters for the bugs that software projects are bound to generate, so that all bugs can be fixed fast. Description The B...
PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability
Summary PolarisCMS is a White Label CMS content management System providing more features, functions and flexibility to global web professionals, than ever before. The breakthrough technology used for this web platform has been built over a 6 year period and includes a highly advanced Website...
IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities
Summary Through its extraordinary flexibility, reliability, and performance, the IBM® System Storage® series is designed to manage a broad scope of storage workloads that exist in today’s complex data center and do it effectively and efficiently. This flagship IBM disk system can bring simplicity...