[webapps] – WordPress Import CSV Plugin 1.0 – Directory Traversal
XOOPS 2.5.7.2 Directory Traversal
XOOPS version 2.5.7.2 has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing “…/./” instead of “../”.
XOOPS 2.5.7.2 Cross Site Request Forgery
XOOPS version 2.5.7.2 suffers from a cross site request forgery vulnerability.
Avira PE Section Header Parsing Heap Underflow
Avira suffers from a heap underflow vulnerability when parsing PE section headers.
iTop 2.2.1 Cross Site Request Forgery
High-Tech Bridge Security Research Lab discovered a remote code execution vulnerability in iTop that is exploitable via a cross site request forgery flaw also present in the application. The vulnerability exists due to the absence of validation of the HTTP request origin in the “/env-production/itop-config/config.php” script, as well as a lack of sanitization of user input received via the “new_config” HTTP […]
Dating Pro Genie 2015.7 Cross Site Request Forgery
High-Tech Bridge Security Research Lab discovered multiple cross site request forgery (CSRF) vulnerabilities in Dating Pro, a popular dating social network. A remote unauthenticated attacker can perform CSRF attacks to change the administrator’s credentials and execute arbitrary system commands. Successful exploitation of the vulnerability may allow an attacker to gain complete control over the vulnerable website, all […]
WebsiteBaker CMS 2.8.3-SP5 SQL Injection
WebsiteBaker CMS version 2.8.3-SP5 suffers from a remote SQL injection vulnerability.
[webapps] – Wildfly – WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Wildfly – WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Tags: 0day, remote exploit
Zenphoto 1.4.11 Remote File Inclusion
Zenphoto version 1.4.11 suffers from a remote file inclusion vulnerability.