>> ARCHIVE: 2016-08

WordPress Selected Text Sharer plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

WordPress Welcome Announcement plugin version 1.0.5 suffers from a cross site scripting vulnerability.

NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffer from an unauthenticated command injection vulnerability. Due to an undocumented and hidden debugging script, an attacker can inject and execute arbitrary code as…

NUUO versions 3.0.8 and below add administrator cross site request forgery exploit.

NUUO versions 3.0.8 and below suffer from a file disclosure vulnerability.

NUUO versions 3.0.8 and below suffer from OS command injection vulnerabilities.

NUUO NVRmini, NVRmini2, Crystal, NVRSolo suffer from an authenticated ShellShock vulnerability. This could allow an attacker to gain control over a targeted computer if exploited successfully. The vulnerability affects Bash,…

NUUO versions 3.0.8 and below suffer from an arbitrary file deletion vulnerability.

NUUO NVRmini, NVRmini2, Crystal and NVRSolo devices have a hidden PHP script that when called, a backdoor user is created with poweruser privileges that is able to read and write…